
List:       clamav-users
Subject:    [clamav-users] Fwd: [Community-sigs] Create your own ClamAV signatures with CASC
From:       "Joel Esler (jesler)" <jesler () cisco ! com>
Date:       2015-05-14 21:11:59
Message-ID: 2BA03699-BE2D-4F85-A562-BF28094410B8 () cisco ! com

Sending this over to the users list as well:

Begin forwarded message:

From: Alain Zidouemba <azidouemba@sourcefire.com>
Subject: [Community-sigs] Create your own ClamAV signatures with CASC
Date: May 14, 2015 at 9:57:00 AM PDT
To: ClamAV Community Signatures Submission List <community-sigs@lists.clamav.net>
Reply-To: ClamAV Community Signatures Submission List <community-sigs@lists.clamav.net>

http://blog.clamav.net/2015/05/create-your-own-clamav-signatures-with.html

The ClamAV community is growing and we are receiving more user-generated
ClamAV signatures through our community signatures mailing list
<http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html>.
Thanks to all who have contributed! For those who find the task of writing
your own signatures
<https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf>
daunting, we have created something you may be interested in.

To aid users in developing better ClamAV signatures faster, Angel Villegas
created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick
and easy installation into IDA Pro 6.7 or higher (reduced feature set for
IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in
no time. CASC allows users to select aspects of a sample's disassembly, a
function block, or a set of strings to create a sub-signature. Each
sub-signature can contain user-defined notes to keep track of information
contained within the sub-signature. Once you've selected enough
sub-signatures to get the job done, or until your heart's content, a ClamAV
signature can be created from one or more sub-signatures.

Check out this IDA Pro plug-in on GitHub <https://github.com/vrtadmin/CASC> and
its wiki for documentation <https://github.com/vrtadmin/CASC/wiki>.

- Alain