Hello,
I'm trying to create signatures for clamav, to detect exe and mp3
files. Seems to work for exe, but strangely not for mp3, despite
the fact I did excatly the same in both cases:
Getting signatures for both files:
alex:~$ dd if=exefile.exe count=1 | sigtool --hex-dum
1+0 Datensätze ein
On Tue, July 8, 2014 3:41 pm, a...@alb.de wrote:
alex:~$ dd if=mp3file.mp3 count=1 | sigtool --hex-dump
alex:~$ clamscan mp3file.exe
Hi Alex,
In the daily.ftm file, mp3 filetypes are ignored.
0:0:494433:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED
Cheers,
Steve
Sanesecurity
I guess, if you *really* wanted to block mp3's being emailed you could
create a type4 ndb signature to match the mp3 base64 in the email ?
eg... email format...
==
Content-Type: audio/mpeg;
name=test.mp3
Content-Transfer-Encoding: base64
Content-Disposition: attachment;