Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!
« previous next »
Pages: [1]   Go Down

Author Topic: How to add custom signature for cpanel clamav  (Read 4233 times)

0 Members and 1 Guest are viewing this topic.

varghesepa

  • Guest
How to add custom signature for cpanel clamav
« on: March 29, 2017, 06:50:20 pm »
Create hex-dump of the malicious file using sigtool.

Code: [Select]
cat filename | sigtool --hex-dump | head -c 2048 > /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb
Update the prefix content as follows.

Quote
Name:Type:Offset:HEX_OUTPUT

For example:
Trojan.PHP.WebShell:0:*:762317478314832483........

Give ownership and restart the clamd service

Code: [Select]
chown clamav.clamav  /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb
/scripts/restartsrv_clamd
Test using the below command

Code: [Select]
/usr/local/cpanel/3rdparty/bin/clamscan /path/to/malicious/file
 :D ;D


Logged
Pages: [1]   Go Up
« previous next »