Actually I generate signatures from libraries, to scan executables for beeing statically linked to that library. My actual approach is to read out the .text section and generate a byte sequence for every function with placeholders.
For little version steps of the library there are many false positives with the clamscan from ClamAV.
Is there a better approach, to generate signatures for libraries and detect with ClamAV afterwards?