[clamav-users] Signature analysis
alvarnell at mac.com
Mon Apr 24 05:41:56 EDT 2017
Use: sigtool --find <InfectionName>
Non-hash signatures can be further interpreted using: sigtool --find <InfectionName>|sigtool --decode-sigs
Some of the newer signature formats are not fully decoded and I've been told that ByteCode signature results do not completely describe them.
On Mon, Apr 24, 2017 at 02:25 AM, Andriani Tsag wrote:
> Is there a way to see what a signature is specifically looking for (like when clamav-du[.]securesites[.]net/cgi-bin/clamgrok was operational?)
> Since it went down I haven’t been able to find something similar.
> I have received an alert about BC.Win.Exploit.CVE_2017_0060-6099223-1, but without knowing what the signature is looking for, it is hard to further analyse the file.
> Thank you in advance for any input/advice.
> Kind Regards,
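
Added example, not part of the original messages and not ClamAV's own code: a small Python reader for the kind of extended (.ndb) body signature line that sigtool --find returns, showing the interpretation that --decode-sigs performs for non-hash signatures. The names describe_body, decode_ndb and SAMPLE are hypothetical, the sample line is constructed, and only a subset of the .ndb syntax is handled; logical and bytecode signatures are rejected.

```python
import re

# Target-type numbers as listed in the ClamAV signature documentation.
TARGETS = {0: "any file", 1: "PE", 2: "OLE2", 3: "HTML", 4: "mail", 5: "graphics",
           6: "ELF", 7: "ASCII text", 9: "Mach-O", 10: "PDF", 11: "Flash", 12: "Java class"}

# One token of a .ndb hex body signature (subset of the full syntax).
TOKEN = re.compile(r"""
    (?P<hex>(?:[0-9a-fA-F]{2})+)                    # literal bytes
  | (?P<any>\?\?)                                   # one arbitrary byte
  | (?P<nib>[0-9a-fA-F]\?|\?[0-9a-fA-F])            # byte with one wildcard nibble
  | (?P<star>\*)                                    # any number of bytes
  | \{(?=-?\d)(?P<lo>\d*)(?P<dash>-?)(?P<hi>\d*)\}  # {n}, {n-m}, {-n}, {n-}
  | \((?P<alt>[0-9a-fA-F|]+)\)                      # (aa|bb) alternatives
""", re.X)

def describe_body(sig):
    """Return one readable description per token of the hex body."""
    out, pos = [], 0
    while pos < len(sig):
        m = TOKEN.match(sig, pos)
        if not m:  # e.g. negation, anchors, or a logical/bytecode format
            raise ValueError(f"unsupported syntax at offset {pos}: {sig[pos:pos + 8]!r}")
        pos = m.end()
        if m["hex"]:
            out.append(f"bytes {bytes.fromhex(m['hex'])!r}")
        elif m["any"]:
            out.append("any 1 byte")
        elif m["nib"]:
            out.append(f"byte matching nibble pattern {m['nib']}")
        elif m["star"]:
            out.append("any number of bytes")
        elif m["alt"]:
            out.append("one of " + ", ".join(m["alt"].split("|")))
        else:  # brace gap: a missing bound means 0 or unlimited
            lo, hi = m["lo"] or "0", m["hi"] if m["dash"] else m["lo"]
            out.append(f"gap of {lo} to {hi or 'unlimited'} bytes")
    return out

def decode_ndb(line):
    """Split Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]] and explain it."""
    name, target, offset, body, *_flevels = line.strip().split(":")
    return {"name": name, "target": TARGETS.get(int(target), f"unknown ({target})"),
            "offset": "anywhere" if offset == "*" else offset,
            "body": describe_body(body)}

# Constructed sample line for illustration; not a signature from any ClamAV database.
SAMPLE = "Example.Constructed-1:1:*:4d5a??{10-20}50450000*(63|43)6d642e657865"

if __name__ == "__main__":
    for key, value in decode_ndb(SAMPLE).items():
        print(f"{key}: {value}")
```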