Sending this over to the users list as well:

Begin forwarded message:

From: Alain Zidouemba <azidoue...@sourcefire.com>
Subject: [Community-sigs] Create your own ClamAV signatures with CASC
Date: May 14, 2015 at 9:57:00 AM PDT
To: ClamAV Community Signatures Submission List <community-s...@lists.clamav.net>
Reply-To: ClamAV Community Signatures Submission List <community-s...@lists.clamav.net>

http://blog.clamav.net/2015/05/create-your-own-clamav-signatures-with.html

The ClamAV community is growing and we are receiving more user-generated ClamAV signatures through our community signatures mailing list <http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html>. Thanks to all who have contributed!

For those who find the task of writing your own signatures <https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf> daunting, we have created something you may be interested in.

To aid users in developing better ClamAV signatures faster, Angel Villegas created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick and easy installation into IDA Pro 6.7 or higher (reduced feature set for IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in no time.

CASC allows users to select aspects of a sample's disassembly, a function block, or a set of strings to create a sub-signature. Each sub-signature can contain user-defined notes to keep track of information contained within the sub-signature. Once you've selected enough sub-signatures to get the job done, or until your heart's content, a ClamAV signature can be created from one or more sub-signatures.

Check out this IDA Pro plug-in on Github <https://github.com/vrtadmin/CASC> and its wiki for documentation <https://github.com/vrtadmin/CASC/wiki>.
- Alain