Cisco Blogs
Share

SigAnalyzer: Signature analysis with CASC


September 13, 2018 - 0 Comments

Executive summary

ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV pattern signatures. We have enhanced this plugin to also analyze these signatures. The plugin highlights matching parts in a binary when its given a particular signature. This function is helpful when evaluating automatically generated signatures, e.g., from the BASS framework. As a larger number of signatures is automatically generated, it becomes ever more important to gain a quick understanding about the effects of these signatures. This functionality will allow us to check the accuracy of our signatures faster, and allow us to deliver a better product to our users.

You can read the the complete post and see the associated video on the Clam AV blog

Tags:
Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.