Nathanwoodburn.github.io/libraries/plugins/phpMussel/vault/signatures/switch.dat
2021-08-30 15:06:36 +10:00

48 lines
3.2 KiB
Plaintext

phpMussel switch file.
== Sets flags for ignoring some certain ClamAV signature files ==
FD-RX:377f068[23]002de218:A:8;infectable=false
FD:252150532d41646f62652d:A:11;infectable=false
FD:28546869732066696c65206d75737420626520636f6e76657274656420776974682042696e48657820342e3029:A:45;infectable=false
FD:2e524d46:A:4;infectable=false
FD:2f5247420a49440affffffffffffffffffffffffffffffffffffffffffffffff:0:128;infectable=false
FD:494433:A:3;infectable=false
FD:4f676753:A:4;infectable=false
FD:5349502d48495420285349502f48:A:14;infectable=false
FD:53514c69746520666f726d6174203300:A:16;infectable=false
FD:53594d430100:A:6;infectable=false
FD:d9d505f920a163d7:A:8;infectable=false
FD:fffb90:A:3;infectable=false
== Assists with determining potential file content ==
$fileswitch:unassigned;FD:4d5a:A:2;fileswitch=pefile
$fileswitch:unassigned;FD-RX:(cafebabe|cafed00d|cefaedfe|cffaedfe|feedface|feedfacf):A:4;fileswitch=java
$fileswitch:unassigned;FD:494433:A:3;fileswitch=mp3
$fileswitch:unassigned;FD:fffb90:A:3;fileswitch=mp3
$fileswitch:unassigned;FD-NORM-RX:23212f7573722f(6c6f63616c2f)?62696e2f(656e76)?7065726c:A:24;fileswitch=perl
$fileswitch:unassigned;FD:43723234:A:4;fileswitch=chrome
$fileswitch:unassigned;FD:4c00000001140200:A:8;fileswitch=lnk
$fileswitch:unassigned;FD:d0cf11:A:3;fileswitch=docfile
$fileswitch:unassigned;FD-NORM-RX:23212f7573722f(6c6f63616c2f)?62696e2f(656e76)?707974686f6e:A:26;fileswitch=py
$fileswitch:unassigned;FD-NORM:6372656174656f626a656374;fileswitch=vb
$fileswitch:unassigned;FD-NORM:406563686f;fileswitch=bat
$fileswitch:unassigned;FD-NORM-RX:3c736372697074.{0,128}(6c616e67756167653d2[27]76627363726970742[27]|747970653d2[27]746578742f76627363726970742[27]);fileswitch=vb
$fileswitch:unassigned;FD-NORM-RX:3c736372697074.{0,128}(6c616e67756167653d2[27]6a6176617363726970742[27]|747970653d2[27]746578742f6a6176617363726970742[27]);fileswitch=js
$fileswitch:unassigned;FD-NORM-RX:3c25406c616e67756167653d(2[27])?76627363726970742e656e636f6465;fileswitch=vb
$fileswitch:unassigned;FD-NORM-RX:23212f7573722f(6c6f63616c2f)?62696e2f(656e76)?72756279:A:24;fileswitch=ruby
$fileswitch:unassigned;FN:\.([Bb][Aa][Tt]|[Cc][Mm][Dd]|[Bb][Tt][Mm])$;fileswitch=bat
$fileswitch:unassigned;FN:\.([Vv][Bb].{0,3}|[Ww][Ss][CcFf]|[Hh][Tt][Aa]?[Mm]?[Ll]?)$;fileswitch=vb
$fileswitch:unassigned;FN:\.[Mm][Pp].$;fileswitch=mp3
$fileswitch:unassigned;FD:3c25:A:2;fileswitch=asp
$fileswitch:unassigned;FN:\.([Aa][Uu][Tt][Oo][Rr][Uu][Nn]|[Ii][Nn][Ff]|[Ii][Nn][Ii]|[Cc][Ff][Gg])$;fileswitch=inf
$fileswitch:unassigned;FN:\.[Aa][Ss][Pp].?$;fileswitch=asp
$fileswitch:unassigned;FN:\.[Jj][Ss]([Pp][Xx]?|[Oo][Nn])?$;fileswitch=js
$fileswitch:unassigned;FN:\.[Pp][Yy].?$;fileswitch=py
$fileswitch:unassigned;FN:\.[Jj][Aa]([Vv][Aa]|[Rr])$;fileswitch=java
$fileswitch:unassigned;FN:\.[Pp]([Ee][Rr])?[Ll]$;fileswitch=perl
$fileswitch:unassigned;FN:\.[Cc][Gg][Ii]$;fileswitch=cgi
$fileswitch:unassigned;FN:\.([Rr][Uu]?[Bb][WwYy]?|[Gg][Ee][Mm])$;fileswitch=ruby
$fileswitch:unassigned;FN:\.([Cc][Vv][Dd]|[Ii][Nn][Cc]|[Mm][Dd]|[Tt][Xx][Tt])$;fileswitch=ignore
$fileswitch:unassigned;FD-RX:(1f8b|425a68|504b|52617221|7f454c46):A:4;fileswitch=vt_interest
$fileswitch:unassigned;FD:7801:A:2;FD:6b6f6c79:-512;fileswitch=vt_interest