hi
i wish to know the steps to prepare signature so that clamav will detect
all zipped files containing files with extensions pif, scr, exe, com, bat,
cmd, vbs, lnk, cpl, vbs as virus -- immaterial of whether they contain
virus or not.
what is the process for this.
is there is any documentation
You can use a zmd signature detailed in this doc:
http://www.clamav.net/doc/latest/signatures.pdf
Here is an example signature for detecting files with the .sh extension:
Ziptest:0:.*\.sh:*:*:*:*:*:*
- Doug
On Tue, Sep 17, 2013 at 7:08 AM, Rajesh M 24x7ser...@24x7server.net wrote:
hi
i
Hi, have a look on the sanesecurity.com site for the foxhole signature
databases. cheers, Steve
Rajesh M 24x7ser...@24x7server.net wrote:
hi
i wish to know the steps to prepare signature so that clamav will
detect
all zipped files containing files with extensions pif, scr, exe, com,
bat,
cmd,
How I can ignore uppercase in a filename.
Right now i´m using foxhole_all.cdb to block .exe files inside .zip archives
However if the zip contain archive.EXE (in uppercase) the scan miss.
Sanesecurity.Foxhole.Zip_exe:CL_TYPE_ZIP:*:\.exe$:*:*:*:*:*:*
thx
A
I try
/\.exe$/i
?i.exe$
without success
So the question is. How I set a a case-insensitivity flag for the
expression in clamav?
El 17/09/2013 14:51, Bowie Bailey escribió:
On 9/17/2013 3:47 PM, Douglas Goddard wrote:
On Tue, Sep 17, 2013 at 3:05 PM, Alejandro Rodriguez
On 9/17/2013 3:47 PM, Douglas Goddard wrote:
On Tue, Sep 17, 2013 at 3:05 PM, Alejandro Rodriguez arodrig...@b2ec.netwrote:
How I can ignore uppercase in a filename.
Right now i´m using foxhole_all.cdb to block .exe files inside .zip
archives
However if the zip contain archive.EXE (in
It is a regular expression. So you could replace exe with something like
(exe|EXE) to detect both uppercase and lowercase.
- Doug
On Tue, Sep 17, 2013 at 3:05 PM, Alejandro Rodriguez arodrig...@b2ec.netwrote:
How I can ignore uppercase in a filename.
Right now i´m using foxhole_all.cdb to
You may notice that the new Main.cvd has been pushed. You will notice a
significant difference in load on the servers and traffic while everyone is
updating to the new version.
Thank you for your patience.
--
Joel Esler
Open Source Community Manager
Senior Research Engineer, VRT
SOURCEfire,
