24 lines
515 B
Markdown
24 lines
515 B
Markdown
|
# ClamAV
|
||
|
|
|
||
|
|
* Can be started with custom database or yara rules
|
||
|
|
|
||
|
|
## Hashes Database
|
||
|
|
* `*.hdb` is a database containing hashes. Can be customized and scanned against
|
||
|
|
|
||
|
|
## Yara Rules
|
||
|
|
|
||
|
|
* Custom `*.yara` rules can be set. An example
|
||
|
|
```yara
|
||
|
|
rule example {
|
||
|
|
meta:
|
||
|
|
author = "Gabe Newell"
|
||
|
|
description = "Look at how the Yara rule works with ClamAV"
|
||
|
|
strings:
|
||
|
|
$string = "a-string-found-inside-the-malicious-binary"
|
||
|
|
$file_signature = "magic-number-in-ascii"
|
||
|
|
condition:
|
||
|
|
#file_signature at 0 and $string
|
||
|
|
}
|
||
|
|
```
|
||
|
|
|