On Mon, Dec 15, 2008 at 04:59:17PM +0700, ????????? ????z??up?????? ??z?????? ????????? wrote: > > Sebenarnya kita bisa update database virus clamav sendiri. > > Cuma ambil signature dari virus tersebut kemudian taruh di > > /var/lib/clamav. Lengkapnya baca dokumentasi clamav. > > > > > nah > kalau ini advance :D > sayah lom bisa :))
Misal ada file virus bernama mov.exe yg gagal didetek clamav sbg virus. Pakai tool sigtool untuk memperoleh signature virus tsb: sigtool --md5 mov.exe Nanti akan keluar signature virus tsb: e9d5955a89155fa02b1ff470bf38f27a:57344:mov.exe simpan signature ke file, misal VirusBaru.hdb lantas edit isinya shg mencerminkan virus sebenarnya, ganti mov.exe dengan tipe virus tsb: e9d5955a89155fa02b1ff470bf38f27a:57344:Virus.Kangen lantas save dan taruh di direktori /var/lib/clamav Setelah itu reload clamav. Jika dijalankan clamscan mov.exe pasti akan terdeteksi virusnya. Beberapa virus lokal yg berhasil saya peroleh: y...@server:/var/lib/clamav$ cat Virus.Lokal.hdb d7f631282f9715a3f51692dd4c0a1c2d:15872:Trojan.Horse.1 39b0888d76970221bdbeefcae16b79de:157184:Trojan.Horse.2 503e8a7990c2a63155b4a6e7ee9298be:157184:Trojan.Horse.3 ed39e25ff92a2cfd8c0de9f5bb726870:157184:Trojan.Horse.4 96dada258f065af4f5d7a9fb5c6a42e9:157184:Trojan.Horse.5 ed007e1126511534c6ecd06c66895cbb:188416:Trojan.Horse.6 5464b01693b9848ca4d1bc3dd4679796:156176:Trojan.Horse.7 170da9093b9c54e9ece7524e63afe4e6:156176:Trojan.Horse.8 7b54808c5bd13b5719ed19e87938ed40:156176:Trojan.Horse.9 d6f4eb504eece61873867989ad66ccfb:54016:Trojan.Horse.10 074ad1fe9c048d2f6f5e29a0cb57ae80:54072:Trojan.Horse.11 f45892e3803c44882ccff16b945005fd:59544:Trojan.Horse.Downloader 54a5c6bfc93772603d1b313e40930fb8:190464:Trojan.Linkoptimizer b9a9f6d91e4f5210193f1d1e37521d45:188416:Trojan.Horse.Generic.SNP bd25d456c52e2808932e85f6f033e5e8:210944:Trojan.Horse.PSW.Small.3.AU e9d5955a89155fa02b1ff470bf38f27a:57344:Virus.Kangen a3b495e183995e7148edd3cf773eafa2:45558:I-Worm/Brontok.C.1 29706176b5550f0fc35da0eed08c35aa:42097:I-Worm/Brontok.C.2 14092ce88ac3e22b173b31bbf78dd276:32768:I-Worm/Brontok.C.3 72ac420cef8d898ab1a66c5d79ce7d6b:35176:I-Worm/Brontok.C.4 8d0690efc5b4770427f7f16f60aac62d:42496:w32.rontok...@mm 6f8530a8b98300746e040b613d7fc3c4:92672:Virus.Lokal.Undetected Sudah lama ndak diupdate, terakhir tgl 13/08/2007. -- Terimakasih sebelumnya. Salam, ~~ Arief Yudhawarman ~~ ------------------------------------ Official Web Site : http://www.awari.or.id Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/asosiasi-warnet/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/asosiasi-warnet/join (Yahoo! ID required) <*> To change settings via email: mailto:asosiasi-warnet-dig...@yahoogroups.com mailto:asosiasi-warnet-fullfeatu...@yahoogroups.com <*> To unsubscribe from this group, send an email to: asosiasi-warnet-unsubscr...@yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
