Malware Signatures to ClamAV

Published on 13 July 17

Malware signatures from Malware Expert help improve the detection rate of malware in PHP files. Our malware signatures are generated from real-life PHP malware found on live web hosting servers, and now you can use them for FREE!

Install Signatures in ClamAV

You can add the Malware Expert ClamAV signatures to your freshclam.conf file:

DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp

or direct download:
malware.expert.ndb
malware.expert.hdb
malware.expert.ldb
malware.expert.fp

malware.expert.ndb contains generic hex-pattern signatures for PHP malware. Because these include generic eval, base64 and other hex patterns, they can cause false positive alarms (the false positive rate is very low). We want to scan all .php files and check the false positives manually for malware. If a signature causes you problems, you can whitelist it.

malware.expert.hdb contains static MD5 signatures for files, and there are no false positives.

malware.expert.ldb contains LDB signatures, which use multi-word searches for malware in files.

malware.expert.fp is the whitelist of files that we found to cause false positive malware detections.

Samples

If our signatures don’t detect a piece of malware, you can send us a sample so we can add it to our database.

Samples can also be directly emailed to: samples ( at ) malware.expert

Or send us a link to the sample, so we can download it.

Whitelist specific signature

Create a file called local.ign2 or whitelist.ign2 in your ClamAV db directory. Add the signature names that you want whitelisted, one per line.

Example:

Malware.Expert.Generic.Eval.1

Whitelist files

Use the same name as the database in which the detection signatures exist. So if all signatures are in malware.expert.cld, the whitelisting file should be named malware.expert.fp, sit in the same directory as malware.expert.cld, and contain a line of this form (hash:size:random name):

5523530941c409b349ef40fa9415247e:51204:Malware.Expert.Generic.Eval.1


Despite a BAD signature existing in malware.expert.cld, ClamAV will just IGNORE it.
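Added example (not from the original article): a shell helper that builds the hash:size:name line for a file you have reviewed by hand and appends it to malware.expert.fp only once. It assumes GNU md5sum; the function names, the sample file and the entry name FP.Local.LegitLoader are made up for illustration.

```shell
#!/bin/sh
# Added example: maintain ClamAV .fp whitelist lines (md5:size:name).
# Assumes GNU coreutils md5sum; all names below are illustrative.

# Print "md5:size:name" for FILE; NAME is a free-form label.
fp_entry() {
    file=$1; name=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad entry name: $name" >&2; return 1 ;;
    esac
    sum=$(md5sum < "$file" | cut -d' ' -f1) || return 1
    size=$(wc -c < "$file" | tr -d ' ')
    printf '%s:%s:%s\n' "$sum" "$size" "$name"
}

# Append FILE's entry to FPDB unless the same md5:size pair is already listed.
add_fp_entry() {
    fpdb=$1
    entry=$(fp_entry "$2" "$3") || return 1
    key=${entry%:*}    # "md5:size", the part ClamAV matches on
    if [ -f "$fpdb" ] && grep -q "^$key:" "$fpdb"; then
        return 0       # already whitelisted; leave the database untouched
    fi
    printf '%s\n' "$entry" >> "$fpdb"
}

# Demo on a constructed sample file in a scratch directory.
demo_dir=$(mktemp -d)
printf '<?php eval($config_loader); ?>\n' > "$demo_dir/legit.php"
add_fp_entry "$demo_dir/malware.expert.fp" "$demo_dir/legit.php" FP.Local.LegitLoader
cat "$demo_dir/malware.expert.fp"
rm -rf "$demo_dir"
```

Because the entry pins the exact MD5 and size, any later change to the file makes it detectable again, which is narrower than ignoring the signature everywhere through local.ign2.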

This article is published by Malware Expert
