Unofficial malware signatures

GuitarBob
I do not speak French, so I am unfamiliar with that web page, but you can prepare unofficial signatures for Clam AV if you use Clam. ClamWin uses the Clam AV signature database, so any signatures prepared for Clam AV can be used by ClamWin also.
There are some instructions on the web for preparing Clam AV signatures. Do a search for "unofficial Clam AV signatures." Regards,

Re: Unofficial malware signatures

tizef
GuitarBob, that web page speaks two languages: French and English ;-)
There are several unofficial database projects like this. You may also be interested in the Sanesecurity’s ClamAV web page. Have you heard about ClamSup (a part of tBB’s ClamAV for Windows project) before? Although that project is reported dead you could find here an old (two years) version of ClamSup. Apparently danq has been using Malware Patrol’s signatures for years.
Last edited by tizef on Sat Mar 23, 2013 8:52 pm; edited 1 time in total
GuitarBob
Thanks, tizef--I didn't notice the English on the left side of the web page. The HDB signatures are MD5 file hashes, which are a quick mathematical representation of a file. HDB sigs are good, valid signatures, but they are very specific and are only good for that one virus in that one file. Most viruses today are changed very frequently (sometimes hourly via automated tools) to avoid detection by AVs. Clam uses them when they can't get a more specific signature. Many AVs use them so they can get a quick signature in an effort to deal with the thousands of virus samples they get every day. The utility of these particular signatures depends upon the quality of person/organizations preparing them and their attention/frequency as to the maintenance of their database.
The good thing about Clam AV/ClamWin is that you can prepare your own signatures. The HDB sigs consist of: filehash:filesize:VirusType.VirusName. The file hash is computed with a file hashing program that computes MD5 file hashes. Regards,
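
The HDB line layout described in the post above (filehash:filesize:VirusType.VirusName), as an added example that is not part of the original thread or of ClamAV's own code: it builds a line from file content, validates lines before they go into a database file, and shows that a one-byte change no longer matches. The function names, the signature name `Trojan.Example-1` and the sample bytes are constructed for illustration.

```python
import hashlib

HEX = set("0123456789abcdef")

def make_hdb_signature(data: bytes, name: str) -> str:
    """Build one HDB line, filehash:filesize:name, for the given file content."""
    if not name or ":" in name or any(c.isspace() for c in name):
        raise ValueError("name must be non-empty, without ':' or whitespace")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb_line(line: str) -> tuple[str, int, str]:
    """Validate one three-field HDB line and return (md5, size, name)."""
    fields = line.strip().split(":")
    if len(fields) != 3:
        raise ValueError(f"expected 3 colon-separated fields, got {len(fields)}")
    digest, size, name = fields[0].lower(), fields[1], fields[2]
    if len(digest) != 32 or not set(digest) <= HEX:
        raise ValueError("file hash is not a 32-character hex MD5")
    if not (size.isascii() and size.isdigit()):
        raise ValueError("file size is not a decimal byte count")
    if not name:
        raise ValueError("signature name is empty")
    return digest, int(size), name

def load_signatures(lines) -> dict:
    """Index valid lines by (size, md5); blank lines are skipped."""
    db = {}
    for line in lines:
        if line.strip():
            digest, size, name = parse_hdb_line(line)
            db[(size, digest)] = name
    return db

def match(data: bytes, db: dict):
    """Return the signature name for this exact content, or None."""
    return db.get((len(data), hashlib.md5(data).hexdigest()))

# Constructed stand-in for a file's bytes; not a real sample.
SAMPLE = b"constructed placeholder content for the HDB example\n"
DB = load_signatures([make_hdb_signature(SAMPLE, "Trojan.Example-1")])

if __name__ == "__main__":
    print(make_hdb_signature(SAMPLE, "Trojan.Example-1"))
    print("original:", match(SAMPLE, DB))
    # One changed byte gives a different MD5, so the hash signature no longer hits.
    print("one byte changed:", match(SAMPLE[:-1] + b"!", DB))
```
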
GuitarBob
Clam AV has now informed users on its web site that it will accept user-prepared signatures that are pasted in the comments section when they submit a file. Clam will check the signature, make sure there are no false positive detections, and publish it in their official database and give the user credit in the email that is sent out to email subscribers when the signatures are published. Be sure to attach the infected file.
The Clam signatures are also now automated, with hourly updates. This is a good improvement that will provide users, including ClamWin users, with better protection. Regards,
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.