Category: script
ClamAV | homebrewing signature files
Quick and dirty, using munpack from the mpack tools:

    munpack YOURMAILFILE
    sigtool --md5 ../XFILES/DocumentXNoX1076196.xls >> MYSIG.hdb

Better:

    https://objective-see.com/blog/blog_0x17.html
    https://www.decalage.info/vba_tools
    https://www.decalage.info/python/olevba
    http://www.pwnage.io/2013/06/fun-with-clamav.html?m=1
    http://blog.clamav.net/2011/02/how-to-create-custom-signatures-for.html?m=1
    http://blog.adamsweet.org/?p=250
    https://packages.gentoo.org/packages/net-mail/mpack
    https://www.idrsolutions.com/online-pdf-to-html5-converter/
    http://blog.talosintelligence.com/2008/09/logical-signatures-in-clamav-094.html
    http://hexacorn.com/d/PESectionExtractor.pl
    http://hiddenillusion.blogspot.de/2012/06/xdp-files-and-clamav.html
ClamAV remote scan command
Try

    telnet $SERVERIP $PORT

Type zINSTREAM …
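The excerpt above stops at zINSTREAM; what follows that command on the wire is binary (length-prefixed chunks), which is awkward to type into telnet. The sketch below is an added example, not code from the original post: it frames a buffer for INSTREAM and parses clamd's reply. The function names are hypothetical, and host, port and file path are supplied by the caller.

```python
import socket
import struct
import sys

def instream_frames(data: bytes, chunk_size: int = 8192) -> bytes:
    """Build the byte stream for clamd's null-terminated INSTREAM command."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        # Each chunk is prefixed with its length as a 4-byte big-endian integer.
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # a zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes):
    """Map a clamd reply such as b'stream: OK\\0' to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]  # signature name
    return "ERROR", text  # e.g. size limit exceeded, or an empty reply

def scan_bytes(host: str, port: int, data: bytes, timeout: float = 10.0):
    """Send data to a clamd TCP socket and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:  # server closed the connection
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    # Usage: script.py SERVERIP PORT FILE
    host, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(path, "rb") as fh:
        print(scan_bytes(host, port, fh.read()))
```

clamd answers with an error and closes the connection if the stream exceeds its StreamMaxLength setting, which `parse_reply` reports as `ERROR`.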
ClamAV as remote accessible server
On Debian simply run

    dpkg-reconfigure clamav-daemon

Test it with

    telnet $IP $PORT

Type PING, get PONG.

Config files: clamd.conf

    #Automatically Generated by clamav-daemon postinst
    #To reconfigure clamd run #dpkg-reconfigure clamav-daemon
    #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
    TCPSocket 3310
    TCPAddr 192.168.100.8
    # TemporaryDirectory is not set to its default /tmp here to make overriding
    # the default […]
ClamAV | clamdscan | using remote clam server via tcp
On your machine install clamav, then create clamd.remote.conf. It contains only two lines:

    TCPSocket REMOTEPORT
    TCPAddr REMOTEIP

Run

    clamdscan -c clamd.remote.conf --fdpass --stream "$FILE"
Bash | compare two arrays | compare two strings
    comm -12 <(printf '%s\n' "${ARRAY1[@]}" | LC_ALL=C sort) <(printf '%s\n' "${ARRAY2[@]}" | LC_ALL=C sort)

    comm -12 <(printf '%s\n' ${STRING1} | LC_ALL=C sort) <(printf '%s\n' ${STRING2} | LC_ALL=C sort)
Perl | Regex | match numbers greater than X only
Example: numbers bigger than 240

    ^(24[1-9]|2[5-9]\d|[3-9]\d{2}|[1-9]\d{3,})$
Bash | script | drop all quotes from string
    function drop_bad_chars {
        # Strip single quotes, then double quotes (the bracket
        # expressions also remove backslashes).
        echo "$@" | sed "s|[\']||g" | sed 's|[\"]||g'
    }
shell | script self run check
LINUX:

    MYARGS="$(ps -wwo args= $$)"; ps wwaux | grep -v grep | grep "$MYARGS" | grep -vwe "$$" -vwe "$PPID" && exit

LINUX && OPENBSD:

    MYARGS="$(ps -wwo args= -p $$)"; MYSESS="$(ps -wwo sess= -p $$)"; ps -wwo sess,args= | grep -v grep | grep "$MYARGS" | grep -vw $MYSESS > /dev/null 2>&1 && exit

SMTP | ask a server whether it is serving a domain

    printf 'VRFY %s\r\nquit\r\n' "$DOMAIN" | nc SMTP.MYSERVER.TLD 25