Hello,

sorry for links to my translator. I thought thunderbird is removing this when choosing pure-text-format.
now it is readable:

Am 08.09.2014 um 16:04 schrieb Hajo Locke:
Hello,

from time to time i create some signatures from what i found in php-code of my users. Now i found some malware that worries me. Its obfuscated php-code to execute all which was sent by POST (mostly spammails). If i unencrypt the code, so i always find the same malwarecode. But code how it can be found in php-page is always variable.

samples can be found here for next 2 weeks: http://pastebin.com/9VAW8FKK

What should i do now? Is there a trick to find a signature which fits for all samples or i have to create a different signature for every sample?
What  is  your  view  on this  subject?

Thanks,
Hajo


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to