ClamAV | Unofficial Signatures
On Debian DO NOT USE the package, get https://github.com/extremeshok/clamav-unofficial-sigs instead + read INSTALL + do quick install ;) And maybe build your own: http://ftp.swin.edu.au/sanesecurity/
Month: April 2017
Analyzing infected files
MSOFFICE 2007+ unzip the file and get vbaProject.bin sigtool –vba vbaProject.bin PRE MSOFFICE 2007 sigtool –vba FILE.xls EXECUTABLES get http://hexacorn.com/d/PESectionExtractor.pl use it.. sigtool –mdb OR sigtool –md5
ClamAV | homebrewing signature files
Quick and Dirty: from mpack tools: munpack YOURMAILFILE sigtool –md5 ../XFILES/DocumentXNoX1076196.xls >> MYSIG.hdb Better: https://objective-see.com/blog/blog_0x17.html https://www.decalage.info/vba_tools https://www.decalage.info/python/olevba http://www.pwnage.io/2013/06/fun-with-clamav.html?m=1 http://blog.clamav.net/2011/02/how-to-create-custom-signatures-for.html?m=1 Click to access blah.pdf http://blog.adamsweet.org/?p=250 https://packages.gentoo.org/packages/net-mail/mpack https://www.idrsolutions.com/online-pdf-to-html5-converter/ http://blog.talosintelligence.com/2008/09/logical-signatures-in-clamav-094.html http://hexacorn.com/d/PESectionExtractor.pl Click to access signatures.pdf http://hiddenillusion.blogspot.de/2012/06/xdp-files-and-clamav.html
ClamAV remote scan command
Try telnet $SERVERIP $PORT Type zINSTREAM …
ClamAV as remote accessable server
On debian simply run dpkg-reconfigure clamav-daemon Test it with telnet $IP $PORT Type PING Get PONG Config files: clamd.conf #Automatically Generated by clamav-daemon postinst #To reconfigure clamd run #dpkg-reconfigure clamav-daemon #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details TCPSocket 3310 TCPAddr 192.168.100.8 # TemporaryDirectory is not set to its default /tmp here to make overriding # the default […]
ClamAV | clamdscan | using remote clam server via tcp
On your machine install clamav, then create clamd.remote.conf, it contains two lines only: TCPSocket REMOTEPORT TCPAddr REMOTEIP Run clamdscan -c clamd.remote.conf –fdpass –stream ‘$FILE’
BASH | detect text files charset and convert to …
MOD_INTRO_FILE_CHARSET=”$(file -bi “$MOD_INTRO_FILE” | grep charset | sed “s|.*\=||” | awk ‘{print $1}’)” if [ “x$MOD_INTRO_FILE_CHARSET” != “x” ]; then $(which iconv) -l | grep -wi $MOD_INTRO_FILE_CHARSET > /dev/null if [ $? -eq 0 ]; then MOD_INTRO=”$(cat “$MOD_INTRO_FILE” | $(which iconv) -cs -f $MOD_INTRO_FILE_CHARSET -t $CHARSET_TEXTFILE)” else MOD_INTRO=”$(cat “$MOD_INTRO_FILE”)” fi else MOD_INTRO=”$(cat “$MOD_INTRO_FILE”)” fi
Javascript // searching JSON objects quick // accessing JSON elements
OBJECT: ‘use strict’; var slotIndexes = [ { ‘slot’ : ‘live’, ‘index’: 0 }, { ‘slot’ : ‘achtziger’, ‘index’: 1 }, { ‘slot’ : ‘neunziger’, ‘index’: 2 }, { ‘slot’ : ‘relax’, ‘index’: 3 }, { ‘slot’ : ‘rock’, ‘index’: 4 }, { ‘slot’ : ‘brandneu’, ‘index’: 5 }, { ‘slot’ : ‘black and dance’, […]
calculate hours, minutes, seconds from seconds
date -d “@${INPUT_SECONDS}” -u “+%H:%M:%S”
bytes and bones 
You must be logged in to post a comment.