Monday, May 18, 2015

Lurker is going End of Life

For years, we've had a system named "Lurker" that displayed the archives for our mailing lists. We are actually keeping the archives for the mailing lists in two places: on Lurker, and on mailman itself. So, we've decided to End of Life the Lurker machine in favor of the mailman system.

The most common place that links to Lurker directly is inside the notification emails that are sent to malware submitters when coverage is written, as well as to the clamav-virusdb list when the db updates are pushed.

We plan on bringing Lurker down and changing the links in the alert emails on Friday, May 22, 2015.

Please be patient with us as we remove this system from the ClamAV network.

Wednesday, May 13, 2015

Create your own ClamAV signatures with CASC!

The ClamAV community is growing and we are receiving more user-generated ClamAV signatures through our community signatures mailing list. Thanks to all who have contributed! For those who find the task of writing your own signatures daunting, we have created something you may be interested in.

To aid users in developing better ClamAV signatures faster, I've created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick and easy installation into IDA Pro 6.7 or higher (reduced feature set for IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in no time. CASC allows users to select aspects of a sample's disassembly, a function block, or a set of strings to create a sub-signature. Each sub-signature can contain user-defined notes to keep track of information contained within the sub-signature. Once you've selected enough sub-signatures to get the job done, or to your heart's content, a ClamAV signature can be created from one or more sub-signatures.

Check out this IDA Pro plug-in on GitHub and its wiki for documentation.