New service - the Team Cymru Malware Hash Registry!
Steve Basford
steveb_clamav at sanesecurity.com
Tue Oct 28 12:45:51 GMT 2008
> - The ClamAV signatures include a size field to avoid possible MD5
> collisions.
That's true...
I've got a small rogue.hdb database which I'm filling with rogue anti-virus
software hashes and current high-hitting rogues (it's downloaded with the
new download scripts here: http://www.sanesecurity.co.uk/clamav/usage.htm)
You can, of course, create your own database:
Run ClamAV's sigtool in a directory of bad exe's or zips etc:

    sigtool --md5 * > bad.hdb

Pop the bad.hdb into the ClamAV database directory, restart clamd and away
you go.
md5's will change... but may help with short term fixes ;)
Cheers and sorry for hijacking the list :)
Steve
Sanesecurity
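
An added example, not part of the message above and not ClamAV code: a Python script that writes entries in the md5:size:name layout that sigtool --md5 produces, which is where the size field mentioned in the quoted text comes from. The function names, the sample files and the name-sanitising rule are assumptions of this example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One .hdb entry: 32 hex digits, decimal size, signature name.
HDB_LINE = re.compile(r"^[0-9a-f]{32}:\d+:[^:\s]+$")

def hdb_entry(path: Path) -> str:
    """Return one md5:size:name line for a file, reading it in chunks."""
    digest = hashlib.md5()
    size = 0
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    # ':' is the field separator; whitespace is replaced too as a
    # conservative choice made by this example.
    name = re.sub(r"[:\s]", "_", path.name)
    return f"{digest.hexdigest()}:{size}:{name}"

def build_hdb(directory: Path) -> list:
    """Hash each non-empty regular file; identical content is listed once."""
    seen, lines = set(), []
    for path in sorted(directory.iterdir()):
        if not path.is_file() or path.stat().st_size == 0:
            continue
        entry = hdb_entry(path)
        key = entry.rsplit(":", 1)[0]  # md5:size identifies the content
        if key not in seen:
            seen.add(key)
            lines.append(entry)
    return lines

def demo() -> list:
    """Build entries from constructed sample files (not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.exe").write_bytes(b"constructed sample one")
        (root / "b copy.exe").write_bytes(b"constructed sample one")  # same content
        (root / "c odd.zip").write_bytes(b"constructed sample two")
        (root / "empty.bin").write_bytes(b"")  # skipped: nothing to match
        return build_hdb(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```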