Convert kaspersky virus signature to clamav

winairmvs · 09-28-2010, 08:35 AM

I was curious if anyone has attempted or successfully converted a kaspersky virus signature file to clamav signature? During a trial period using kaspersky anti virus for our web server I successfully petitioned them to write signatures for some nasty php web-shell hacks, and now that the trial period has expired I don't have the ability to scan for the files anymore (I know I am cheap!). The first hurdle would be finding the correct file, as their signatures are all done in hexadecimal format, and my knowledge for searching through that type of file is very limited. Any thoughts are appreciated.

Thanks

bomelia · 09-28-2010, 09:15 AM

Quote:

Originally Posted by winairmvs

I was curious if anyone has attempted or successfully converted a kaspersky virus signature file to clamav signature? During a trial period using kaspersky anti virus for our web server I successfully petitioned them to write signatures for some nasty php web-shell hacks, and now that the trial period has expired I don't have the ability to scan for the files anymore (I know I am cheap!). The first hurdle would be finding the correct file, as their signatures are all done in hexadecimal format, and my knowledge for searching through that type of file is very limited. Any thoughts are appreciated.

Thanks

Kaspersky supports Linux? Cool! Just buy it. They have great software (I only know them from the Windows world) and I lover their forum based support.

Mike

winairmvs · 09-28-2010, 09:52 AM

Quote:

Originally Posted by bomelia

Kaspersky supports Linux? Cool! Just buy it. They have great software (I only know them from the Windows world) and I lover their forum based support.

Mike

I want to! The problem is that scanning our entire web root (over 700 web customers worth of data) with kaspersky takes well over 15 hours and is very resource intensive. The clamav scanner takes approximately 4 hours to complete and does not kill my web server. Kaspersky's documentation is a bit sparse in the linux realm, which always turns me off to a product.

mostlyharmless · 09-28-2010, 03:25 PM

Quote:

I successfully petitioned them to write signatures for some nasty php web-shell hacks, and now that the trial period has expired I don't have the ability to scan for the files anymore (I know I am cheap!).

Not to rain on your parade, but if you succeeded in converting the data you would (1) possibly be violating your use agreement (2) dissuade them from offering linux products in the future (3) discourage other companies from participating in linux programs.

I'm not sure if this thread violates LQ rules.

TobiSGD · 09-28-2010, 03:53 PM

I don't think that it is a good idea to let your customers be unprotected to save money and ressources. If I were your customer and this would come to my knowledge, I would already leave to a different hoster.

winairmvs · 09-29-2010, 08:13 AM

Good point that there could be a product violation of some kind in using their code, I had not thought of that. Kaspersky it is!

(Tobi relax my friend, if you didn't read my posts entirely I was not planning on leaving anyone unprotected.)

TobiSGD · 09-29-2010, 09:34 AM

Quote:

Originally Posted by winairmvs

and now that the trial period has expired I don't have the ability to scan for the files anymore

Doesn't this mean, that they are unprotected?

Matir · 10-11-2010, 09:53 PM

Just to keep everyone on the right side of the copyrights, I'm going to go ahead and close this thread. I know no malicious intent was implied in asking, but I don't want to tempt anyone.