[clamav-users] Sigtool parsing issues

Jack jack at malwarefor.me
Mon Aug 15 11:25:53 EDT 2016


Great, thanks. Here is the output with ‘—debug’:

LibClamAV debug: Initialized 0.99.2 engine
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: OLE2 magic failed!
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up

To note, the document opens fine in Microsoft Word, and oletools has no issues dumping out the macros.

Best,

Jack
> On Aug 15, 2016, at 9:19 AM, Steve Basford <steveb_clamav at sanesecurity.com> wrote:
> 
> 
> On Mon, August 15, 2016 3:50 pm, Jack wrote:
>> Hello,
>> 
>> 
> 
>> 
>> Can someone take a look and determine why there are passing issues?
> Hi Jack,
> 
> add --debug on the end... eg... might give you a bit more info...
> 
> sigtool --vba "287DD777DB20BE14F2DD0B9952BECF41.xxx" --debug
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
> 
> 
> Cheers,
> 
> Steve
> Web : sanesecurity.com
> Twitter: @sanesecurity
> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list