On Tue, January 26, 2016 11:54 am, Arnaud Jacques / SecuriteInfo.com wrote:
> Hello Steve,
>
>
>> I've seen the same sometimes I've had to end up using type 0,
>> instead of 3/4/7 which isn't ideal.
>
> Even with filetype 0 this doesn't match :
Hi Arnaud,
Can you attach a sample... see if I
Hello Alain,
> Did you normalize your file? I.e. Clamscan--leave-temps?
You didn't understand :)
If I normalize the file, the HTML comments are deleted. I need them to create
a signature.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook :
test.html
THIS IS A MALWARE
Test signatures:
this is a malware
This is a malware
test.ndb
test1:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e
test2:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e
test3:3:*:20746869732069732061206d616c7761726520
Arnaud:
Did you normalize your file? I.e. Clamscan--leave-temps?
- Alain
-Alain
> On Jan 26, 2016, at 6:55 AM, Arnaud Jacques / SecuriteInfo.com
> wrote:
>
> Hello Steve,
>
>> I've seen the same sometimes I've had to end up using type 0, instead
>> of 3/4/7