
Showing posts from August, 2013

Microsoft Windows 2000 IIS 5.0 IPP Vulnerability

Exploit Microsoft Windows 2000 IIS 5.0 IPP ISAPI Vulnerability


Install And Configure Yara

Step 1: To install YARA on Ubuntu we first need PCRE and its development headers:
sudo apt-get install libpcre3 libpcre3-dev
Then download (and unpack) the YARA source code and the yara-python bindings:
$ wget http://yara-project.googlecode.com/files/yara-1.4.tar.gz
$ wget http://yara-project.googlecode.com/files/yara-python-1.4.tar.gz


Step 2: Compile and install YARA, then the Python bindings, on your Linux box (adjust the chmod path to wherever you unpacked the archive):
a) cd yara-1.4
   chmod +x -R /root/Desktop/yara-1.4/*
   ./configure
   make
   make check
   make install

b) cd ..
   cd yara-python-1.4
   python setup.py install




Step 3: Convert the ClamAV database to YARA rules with clamav_to_yara.py from the Malware Analyst's Cookbook:
http://code.google.com/p/malwarecookbook/source/browse/trunk/3/3/clamav_to_yara.py?r=5

sigtool -u /var/lib/clamav/main.cvd                       # unpack the CVD; main.ndb and the other signature files land in the current directory
python clamav_to_yara.py -f main.ndb -o clamav.yara       # convert the .ndb (hex body) signatures to YARA rules

Step 4: For packer signatures (PEiD uses these to identify which packer an executable was built with), go to this site and copy the packer signatures into a file. With the help of this file we can detect p…
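Step 3 turns each .ndb line (name:target type:offset:hex signature) into a YARA rule. The following is an added example, my own code rather than the cookbook script or anything from the original post, that shows what that translation involves: ClamAV's hex wildcards (??, *, {n-m} jumps, (aa|bb) alternation) map onto YARA's hex-string syntax, the target type becomes a file-magic check where plain YARA can express one, and syntax with no YARA equivalent is skipped with a comment rather than silently mistranslated. The sample signatures, the rule layout and the meta field names are constructed for illustration; the target-type numbers come from the ClamAV signature documentation.

```python
"""Convert ClamAV .ndb body signatures into YARA rules (added example)."""
import re

# ClamAV .ndb target types (field 2) -> description, from the ClamAV signature docs.
TARGET_NAMES = {0: "any", 1: "PE", 2: "OLE2", 3: "HTML", 4: "Mail",
                5: "Graphics", 6: "ELF", 7: "ASCII", 9: "Mach-O"}
# Plain file-magic checks YARA can express without modules (PE and ELF only here).
TARGET_MAGIC = {1: "uint16(0) == 0x5A4D", 6: "uint32(0) == 0x464C457F"}

_BYTE = re.compile(r"[0-9A-Fa-f?]{2}")     # one byte, nibble wildcards allowed
_JUMP = re.compile(r"\{(\d*)(-?)(\d*)\}")  # {n}, {n-m}, {-m}, {n-}


def clamav_hex_to_yara(sig):
    """Translate a ClamAV hex body signature into the body of a YARA hex string.

    Handles plain bytes, nibble wildcards, '*' (unbounded gap), {..} jumps and
    (aa|bb) alternation. Anything else, e.g. the (B)/(L)/(W) anchors, raises
    ValueError so the caller skips the signature instead of mistranslating it.
    """
    out, i = [], 0
    while i < len(sig):
        ch = sig[i]
        if ch == "*":
            out.append("[-]")
            i += 1
        elif ch == "{":
            m = _JUMP.match(sig, i)
            if not m or m.group(0) == "{}":
                raise ValueError(f"bad jump at {i}: {sig[i:]!r}")
            lo, dash, hi = m.groups()
            out.append(f"[{lo or '0'}-{hi}]" if dash else f"[{lo}]")
            i = m.end()
        elif ch in "(|)":
            out.append(ch)
            i += 1
        elif _BYTE.match(sig, i):
            out.append(sig[i:i + 2].upper())
            i += 2
        else:
            raise ValueError(f"unsupported ClamAV syntax at {i}: {sig[i:]!r}")
    if not out or out[0][0] == "[" or out[-1][0] == "[":
        raise ValueError("hex string must not be empty or start/end with a jump")
    return " ".join(out)


def yara_identifier(name, seen):
    """Turn a ClamAV malware name into a unique, valid YARA rule identifier."""
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name)[:120]
    if not ident or ident[0].isdigit():
        ident = "_" + ident
    base, k = ident, 1
    while ident in seen:
        k += 1
        ident = f"{base}_{k}"
    seen.add(ident)
    return ident


def ndb_to_yara(ndb_text):
    """Render every convertible .ndb line as a YARA rule; report the rest as comments."""
    chunks, seen = [], set()
    for lineno, raw in enumerate(ndb_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")          # name:target:offset:hexsig[:minfl[:maxfl]]
        if len(parts) < 4:
            chunks.append(f"// line {lineno}: not an .ndb signature, skipped")
            continue
        name, target, offset, hexsig = parts[:4]
        try:
            target = int(target)
            body = clamav_hex_to_yara(hexsig)
        except ValueError as err:
            chunks.append(f"// line {lineno} ({name}): skipped, {err}")
            continue
        cond, notes = [], []
        if target in TARGET_MAGIC:
            cond.append(TARGET_MAGIC[target])
        if offset == "*":
            cond.append("$sig")
        elif offset.isdigit():
            cond.append(f"$sig at {offset}")
        else:                             # EP+n, EOF-n, Sx+n: no plain-YARA equivalent
            cond.append("$sig")
            notes.append(f"    // ClamAV offset '{offset}' not translated; matches at any offset")
        chunks.append("\n".join(
            [f"rule {yara_identifier(name, seen)}", "{", *notes,
             "    meta:",
             f'        clamav_name = "{name}"',
             f'        clamav_target = "{TARGET_NAMES.get(target, str(target))}"',
             "    strings:",
             f"        $sig = {{ {body} }}",
             "    condition:",
             f"        {' and '.join(cond)}",
             "}"]))
    return "\n\n".join(chunks) + "\n"


# Constructed sample lines in .ndb format; not taken from the real ClamAV database.
SAMPLE_NDB = """\
# constructed for the example
Example.PE.Stub-1:1:*:4d5a{4-8}50450000
Example.Any.Marker-2:0:12:deadbeef??cafe*babe
Example.ELF.Alt-3:6:EP+0:4142(43|44)
Example.Bad-4:0:*:41(B)42
"""

if __name__ == "__main__":
    print(ndb_to_yara(SAMPLE_NDB))
```

Feed it the main.ndb that sigtool -u produced and write the result to a .yara file. Rules built from EP+n, EOF-n or section-relative offsets match at any offset, so they are looser than the ClamAV originals; YARA 1.4 has no pe module, so the entry-point anchor cannot be expressed in that version.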

Clamav Tutorial

Install ClamAV And Create Signatures

Step 1: Install ClamAV on Ubuntu by following the simple steps given below:
Edit /etc/apt/sources.list and add a line like this to it:
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Then run apt-get update && apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon

Step 2: CVD (ClamAV Virus Database) is a digitally signed container that bundles signature databases in various text formats. The header of the container is a 512-byte string with colon-separated fields:
ClamAV-VDB:build time:version:number of signatures:functionality level required:MD5 checksum:digital signature:builder name:build time (sec)
sigtool --info displays these header fields for a given CVD file and reports whether its signature verifies.
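To make the header layout above concrete, here is an added example (my own code, not part of the original post and not ClamAV's own parser) that reads the 512-byte header, checks that the MD5 field matches the gzip-compressed tar body that follows it, and lists the signature files packed inside. It builds a small constructed CVD in memory so it runs offline; the digital signature field in that sample is a placeholder, and this code does not verify signatures, which is the check that actually proves the database came from the ClamAV maintainers.

```python
"""Parse and integrity-check a ClamAV CVD container (added example)."""
import hashlib
import io
import tarfile

CVD_HEADER_LEN = 512
# Field names in the order of the documented 512-byte CVD header.
CVD_FIELDS = ("magic", "build_time", "version", "signatures", "functionality_level",
              "md5", "digital_signature", "builder", "build_time_epoch")


def parse_cvd_header(data):
    """Split the colon-separated header into a dict; numeric fields become ints."""
    if len(data) < CVD_HEADER_LEN:
        raise ValueError("file shorter than the 512-byte CVD header")
    header = data[:CVD_HEADER_LEN].decode("ascii", errors="replace").rstrip(" \x00")
    parts = header.split(":")
    if len(parts) != len(CVD_FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    info = dict(zip(CVD_FIELDS, parts))
    for key in ("version", "signatures", "functionality_level", "build_time_epoch"):
        info[key] = int(info[key])
    return info


def verify_cvd_md5(data):
    """True if the header's MD5 matches the tar.gz body after the header.

    This is an integrity check only: it catches truncation or corruption, not a
    forged database. Authenticity comes from the RSA signature field, which
    libclamav checks against its built-in public key (not done here).
    """
    info = parse_cvd_header(data)
    return hashlib.md5(data[CVD_HEADER_LEN:]).hexdigest() == info["md5"].lower()


def cvd_members(data):
    """List the signature files (main.ndb, main.hdb, ...) packed inside the CVD."""
    with tarfile.open(fileobj=io.BytesIO(data[CVD_HEADER_LEN:]), mode="r:gz") as tar:
        return [m.name for m in tar.getmembers() if m.isfile()]


def make_sample_cvd(version=55, builder="example"):
    """Construct a CVD for the demo: one .ndb line inside a tar.gz, placeholder signature."""
    ndb = b"Example.Sig-1:0:*:4142434445\n"   # constructed signature, not from ClamAV
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        member = tarfile.TarInfo("main.ndb")
        member.size = len(ndb)
        tar.addfile(member, io.BytesIO(ndb))
    body = buf.getvalue()
    fields = ["ClamAV-VDB", "01 Aug 2013 12-00 +0000", str(version), "1", "42",
              hashlib.md5(body).hexdigest(), "placeholder-not-a-real-rsa-signature",
              builder, "1375358400"]
    header = ":".join(fields).encode("ascii")
    return header.ljust(CVD_HEADER_LEN, b" ") + body   # header is padded to 512 bytes


if __name__ == "__main__":
    sample = make_sample_cvd()
    for key, value in parse_cvd_header(sample).items():
        print(f"{key}: {value}")
    print("members:", cvd_members(sample))
    print("md5 ok:", verify_cvd_md5(sample))
```

Point parse_cvd_header at a real /var/lib/clamav/main.cvd to see the same fields sigtool --info prints; a database that passes the MD5 check but whose signature you have not verified should still be treated as untrusted input.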

Signature formats:
MD5: The easiest way to create signatures for ClamAV is to use MD5 checksums of whole files; however, this method only works against static malware, since any change to the file defeats it.
MD5, PE section based: You can create an MD5 signat…