[clamav-users] Signature analysis

Al Varnell alvarnell at mac.com
Mon Apr 24 05:41:56 EDT 2017


Use: sigtool --find <InfectionName>

Non-hash signatures can be further interpreted using: sigtool --find <InfectionName>|sigtool --decode-sigs

Some of the newer signature formats are not fully decoded and I've been told that ByteCode signature results do not completely describe them.

-Al-

On Mon, Apr 24, 2017 at 02:25 AM, Andriani Tsag wrote:
> 
> Hello,
> Is there a way to see what a signature is specifically looking for (like when clamav-du[.]securesites[.]net/cgi-bin/clamgrok was operational?)
> Since it went down I haven’t been able to find something similar.
> 
> I have received an alert about BC.Win.Exploit.CVE_2017_0060-6099223-1, but without knowing what the signature is looking for, it is hard to further analyse the file.
> Thank you in advance for any input/advice.
> 
> Kind Regards,
> Andriani
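
An added example, not part of the original email and not ClamAV's own code: a Python decoder that shows by hand the kind of interpretation `sigtool --decode-sigs` gives for a non-hash signature, using ClamAV's extended (.ndb) body signature format. The names `decode_body` and `parse_ndb` are hypothetical, the sample record is constructed, and only literal bytes, `??`, `*`, `{n}`-style gaps and `(aa|bb)` alternatives are handled; anything else raises an error.

```python
import re

# Extended (.ndb) body signature layout: Name:TargetType:Offset:HexSig[:MinFL[:MaxFL]]
TARGETS = {0: "any file", 1: "PE executable", 2: "OLE2 container", 3: "normalized HTML",
           4: "mail file", 5: "graphics", 6: "ELF", 7: "normalized ASCII text",
           9: "Mach-O", 10: "PDF", 11: "Flash", 12: "Java class"}

TOKEN = re.compile(r"""
    (?P<hex>(?:[0-9a-fA-F]{2})+)     # literal bytes
  | (?P<any>\?\?)                    # exactly one arbitrary byte
  | (?P<star>\*)                     # any number of bytes
  | \{(?P<gap>\d+|\d+-\d*|-\d+)\}    # skip n, n to m, n or more, or at most m bytes
  | \((?P<alt>[0-9a-fA-F|]+)\)       # one of several byte strings
""", re.X)

def decode_body(hexsig):
    parts, pos = [], 0
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:  # nibble wildcards, negation, etc. are outside this subset
            raise ValueError(f"unsupported token at {pos}: {hexsig[pos:pos + 8]!r}")
        if m["hex"]:
            parts.append(("bytes", bytes.fromhex(m["hex"])))
        elif m["any"]:
            parts.append(("skip", (1, 1)))
        elif m["star"]:
            parts.append(("skip", (0, None)))      # None = unbounded
        elif m["gap"]:
            lo, dash, hi = m["gap"].partition("-")
            lo_n = int(lo) if lo else 0
            parts.append(("skip", (lo_n, int(hi) if hi else (None if dash else lo_n))))
        else:
            parts.append(("one_of", [bytes.fromhex(a) for a in m["alt"].split("|")]))
        pos = m.end()
    return parts

def parse_ndb(line):
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected Name:TargetType:Offset:HexSig")
    name, target, offset, hexsig = fields[:4]
    return {"name": name, "target": TARGETS.get(int(target), f"type {target}"),
            "offset": "anywhere" if offset == "*" else offset, "body": decode_body(hexsig)}

# Constructed sample record, not a real ClamAV signature.
SAMPLE = "Constructed.Example.Test-1:1:*:4d5a{2-6}(50|51)45??0000*746573742d6f6e6c79"

if __name__ == "__main__":
    print(parse_ndb(SAMPLE))
```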