On 6 Jan 2007 19:39:21 -0000, thesinoda (at) hotmail (dot) com [email concealed]
<thesinoda (at) hotmail (dot) com [email concealed]> wrote:
> Good day
>
> If you look at the end of your steged file you will notice it will end with 30 00 02 FF FF. So a simple HEX search will reveal all steged files.
>
According, to what you've written, I've created simple signature
for clamav:
<thesinoda (at) hotmail (dot) com [email concealed]> wrote:
> Good day
>
> If you look at the end of your steged file you will notice it will end with 30 00 02 FF FF. So a simple HEX search will reveal all steged files.
>
According, to what you've written, I've created simple signature
for clamav:
mkdir testing
cd testing
echo "Steganography:0:EOF-5:3000(00|01|02|03|04|05|06|07|08|09|0a|0b|0c|0d|0e
|0f)ffff"
> stego.ndb
this can be tested in following way:
for i in `seq -f %3.0f 0 255`;
do
perl -e 'print "A"x100' > test_$i;
printf "0: 3000 %02xff ff\n" $i | xxd -r >> test_$i;
done
and running clamav, against samples:
clamscan --database=clamav_stego.ndb .
[and later clamscan --database=clamav_stego.ndb /]
cheers,
--
main (int a, char *b[puts("Michal 'GiM' Spadlinski")]) {}
[ reply ]