[clamav-users] Sigtool parsing issues
Jack
jack at malwarefor.me
Mon Aug 15 15:25:53 UTC 2016
Great, thanks. Here is the output with ‘—debug’:
LibClamAV debug: Initialized 0.99.2 engine
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: OLE2 magic failed!
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
To note, the document opens fine in Microsoft Word, and oletools has no issues dumping out the macros.
Best,
Jack
> On Aug 15, 2016, at 9:19 AM, Steve Basford <steveb_clamav at sanesecurity.com> wrote:
>
>
> On Mon, August 15, 2016 3:50 pm, Jack wrote:
>> Hello,
>>
>>
>
>>
>> Can someone take a look and determine why there are passing issues?
> Hi Jack,
>
> add --debug on the end... eg... might give you a bit more info...
>
> sigtool --vba "287DD777DB20BE14F2DD0B9952BECF41.xxx" --debug
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
>
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Twitter: @sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list