ClamAV | homebrewing signature files

Quick and Dirty: from mpack tools: munpack YOURMAILFILE sigtool –md5 ../XFILES/DocumentXNoX1076196.xls >> MYSIG.hdb Better: https://objective-see.com/blog/blog_0x17.html https://www.decalage.info/vba_tools https://www.decalage.info/python/olevba http://www.pwnage.io/2013/06/fun-with-clamav.html?m=1 http://blog.clamav.net/2011/02/how-to-create-custom-signatures-for.html?m=1 http://www.mitosciences.com/PDF/blah.pdf http://blog.adamsweet.org/?p=250 https://packages.gentoo.org/packages/net-mail/mpack https://www.idrsolutions.com/online-pdf-to-html5-converter/ http://blog.talosintelligence.com/2008/09/logical-signatures-in-clamav-094.html http://hexacorn.com/d/PESectionExtractor.pl https://fossies.org/linux/clamav/docs/signatures.pdf http://hiddenillusion.blogspot.de/2012/06/xdp-files-and-clamav.html

ClamAV as remote accessable server

On debian simply run dpkg-reconfigure clamav-daemon Test it with telnet $IP $PORT Type PING Get PONG Config files: clamd.conf #Automatically Generated by clamav-daemon postinst #To reconfigure clamd run #dpkg-reconfigure clamav-daemon #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details TCPSocket 3310 TCPAddr 192.168.100.8 # TemporaryDirectory is not set to its default /tmp here to make overriding # the default […]