Admin-Ahead Community

Linux => Control Panels => cPanel => Topic started by: varghesepa on March 29, 2017, 06:50:20 pm

Title: How to add custom signature for cpanel clamav
Post by: varghesepa on March 29, 2017, 06:50:20 pm: Create hex-dump of the malicious file using sigtool.

Code: [Select]
cat filename | sigtool --hex-dump | head -c 2048 > /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb
Update the prefix content as follows.

Quote
Name:Type:Offset:HEX_OUTPUT

For example:
Trojan.PHP.WebShell:0:*:762317478314832483........

Give ownership and restart the clamd service

Code: [Select]
chown clamav.clamav /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb /scripts/restartsrv_clamd
Test using the below command

Code: [Select]
/usr/local/cpanel/3rdparty/bin/clamscan /path/to/malicious/file
:D ;D

SMF 2.0.15 | SMF © 2017, Simple Machines