Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

On Tue, January 26, 2016 11:54 am, Arnaud Jacques / SecuriteInfo.com wrote: > Hello Steve, > > >> I've seen the same sometimes I've had to end up using type 0, >> instead of 3/4/7 which isn't ideal. > > Even with filetype 0 this doesn't match : Hi Arnaud, Can you attach a sample... see if I

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

Hello Alain, > Did you normalize your file? I.e. Clamscan--leave-temps? You didn't understand :) If I normalize the file, the HTML comments are deleted. I need them to create a signature. -- Best regards, Arnaud Jacques SecuriteInfo.com Facebook :

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

test.html THIS IS A MALWARE Test signatures: this is a malware This is a malware test.ndb test1:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e test2:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e test3:3:*:20746869732069732061206d616c7761726520

Re: [clamav-users] Clamav cannot detect a malware using a signature based on html comment

Arnaud: Did you normalize your file? I.e. Clamscan--leave-temps? - Alain -Alain > On Jan 26, 2016, at 6:55 AM, Arnaud Jacques / SecuriteInfo.com > wrote: > > Hello Steve, > >> I've seen the same sometimes I've had to end up using type 0, instead >> of 3/4/7