[clamav-users] Signature analysis

Al Varnell alvarnell at mac.com
Mon Apr 24 05:41:56 EDT 2017

Use: sigtool --find <InfectionName>

Non-hash signatures can be further interpreted using: sigtool --find <InfectionName>|sigtool --decode-sigs

Some of the newer signature formats are not fully decoded and I've been told that ByteCode signature results do not completely describe them.


On Mon, Apr 24, 2017 at 02:25 AM, Andriani Tsag wrote:
> Hello,
> Is there a way to see what a signature is specifically looking for (like when clamav-du[.]securesites[.]net/cgi-bin/clamgrok was operational?)
> Since it went down I haven’t been able to find something similar.
> I have received an alert about BC.Win.Exploit.CVE_2017_0060-6099223-1, but without knowing what the signature is looking for, it is hard to further analyse the file.
> Thank you in advance for any input/advice.
> Kind Regards,
> Andriani
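
What the decode step amounts to for a simple body-based (non-hash) signature, as an added Python example that is not part of the original post or of ClamAV's code. It assumes the extended `.ndb` line layout `Name:TargetType:Offset:HexSignature` and a `[dbname]` prefix on the `sigtool --find` output; the sample line is constructed, and only whole-byte wildcards are handled.

```python
import re

# Assumed ClamAV target-type codes, taken from the ClamAV signature documentation.
TARGETS = {"0": "any file", "1": "PE", "2": "OLE2", "3": "HTML", "4": "mail",
           "5": "graphics", "6": "ELF", "7": "ASCII text"}

# Tokens handled: literal byte, ?? (one byte), * (any gap), {n}/{n-m}/{-m}/{n-}, (aa|bb).
TOKEN = re.compile(r"(?P<byte>[0-9a-fA-F]{2})|\?\?|\*"
                   r"|\{(?P<gap>\d+(?:-\d*)?|-\d+)\}"
                   r"|\((?P<alt>[0-9a-fA-F|]+)\)")

def decode_body(hexsig):
    """Turn a hex body signature into (kind, value) parts a reader can follow."""
    parts, literal, pos = [], bytearray(), 0

    def flush():  # emit the run of literal bytes collected so far
        if literal:
            parts.append(("bytes", bytes(literal)))
            literal.clear()

    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:  # e.g. nibble wildcards such as "4?" are not covered here
            raise ValueError(f"unsupported token at {pos}: {hexsig[pos:pos + 8]!r}")
        pos = m.end()
        if m.group("byte"):
            literal += bytes.fromhex(m.group("byte"))
            continue
        flush()
        if m.group("alt"):
            parts.append(("one-of", [bytes.fromhex(a) for a in m.group("alt").split("|")]))
        elif m.group("gap") is not None:
            parts.append(("skip", m.group("gap")))
        else:
            parts.append(("skip", "any" if m.group(0) == "*" else "1"))
    flush()
    return parts

def parse_ndb(line):
    """Split one signature line and decode its hex body."""
    line = re.sub(r"^\[[^\]]+\]\s*", "", line.strip())  # drop "[dbname]" prefix
    name, target, offset, body = line.split(":")[:4]
    return {"name": name, "target": TARGETS.get(target, f"type {target}"),
            "offset": offset, "body": decode_body(body)}

# Constructed sample line, not a real ClamAV signature.
SAMPLE = "[example.ndb] Constructed.Test.Sig-1:0:*:4558414d504c45{4-16}(0d0a|0a)*454e44??"

if __name__ == "__main__":
    for kind, value in parse_ndb(SAMPLE)["body"]:
        print(f"{kind:7} {value!r}")
```
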