Evading signatures of antivirus (AV) products is one of the most common tasks for both bad guys (such as malware writers) and good guys (such as penetration testers). File‐format‐aware signatures, such as those specific to portable executable (PE) files, do not rely on a single detected evidence in a fixed‐size buffer at a specific offset. The same applies to Microsoft Office‐supported file formats, such as OLE2 containers and RTF files, and too many other file formats, such as Portable Document Format (PDF), Flash, and so on. This chapter discusses some approaches that we can use to bypass signatures for specific file formats. It looks at some generic detection signature used by Kaspersky Anti‐Virus, at the end of January 2015, for the malware it calls <i>Exploit.MSWord.CVE‐2010‐ 3333.cp</i>. The chapter explains how to evade antivirus detection for PE, JavaScript, and PDF files.