[clamav-users] Win.Trojan.URLspoof-2 trigger source?
Al Varnell
alvarnell at mac.com
Thu Dec 8 20:48:40 UTC 2016
On Thu, Dec 08, 2016 at 10:17 AM, Jay Gattuso wrote:
>
> (1) What's the signature trigger for Win.Trojan.URLspoof-2?
You can find any current signature using <http://clamav-du.securesites.net/cgi-bin/clamgrok>
or
$ sigtool --find Win.Trojan.URLspoof-2 | sigtool --decode-sigs
VIRUS NAME: Win.Trojan.URLspoof-2
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
href="{WILDCARD_ANY_STRING}%00@{WILDCARD_ANY_STRING}">{WILDCARD_ANY_STRING}</
-Al-
--
Al Varnell
Mountain View, CA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3573 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20161208/d75bf4ec/attachment.bin>
More information about the clamav-users
mailing list