March 6, 2009 11:15

Generating Virus Signatures - The Automated Way

A common characteristic of malware distributed as an executable is to use a PE packer, such as UPX or Petite, to compress and obfuscate the malicious content. Once a file has been determined to be malware by our analysts and is using a PE packer that ClamAV does not currently unp

October 24, 2008 15:43

Why 114 rules for MS08-067?

With the release of Sourcefire's coverage for MS08-067, I've heard the same question repeatedly. "Why 114 rules? They were able to do it with just one." Since I wrote these rules, I'm the best to explain my solution. I will not be going over the explicit na