Threat Research

ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV pattern signatures. We have enhanced this plugin to also analyze these signatures. The plugin highlights matching parts in a binary when it is given a particular signature. This function is helpful when evaluating automatically generated signatures, e.g., from the BASS framework. As a larger number of signatures is automatically generated, it becomes ever more important to gain a quick understanding of the effects of these signatures. This functionality will allow us to check the accuracy of our signatures faster, and allow us to deliver a better product to our users.

You can read the complete post and see the associated video on the ClamAV blog.



Disclaimer

Cisco Systems Inc. published this content on 13 September 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 13 September 2018 15:42:03 UTC