[clamav-users] Signature analysis
Al Varnell
alvarnell at mac.com
Mon Apr 24 05:41:56 EDT 2017
Use: sigtool --find <InfectionName>
Non-hash signatures can be further interpreted using: sigtool --find <InfectionName>|sigtool --decode-sigs
Some of the newer signature formats are not fully decoded and I've been told that ByteCode signature results do not completely describe them.
-Al-
On Mon, Apr 24, 2017 at 02:25 AM, Andriani Tsag wrote:
>
> Hello,
> Is there a way to see what a signature is specifically looking for (like when clamav-du[.]securesites[.]net/cgi-bin/clamgrok was operational?)
> Since it went down I haven’t been able to find something similar.
>
> I have received an alert about BC.Win.Exploit.CVE_2017_0060-6099223-1, but without knowing what the signature is looking for, it is hard to further analyse the file.
> Thank you in advance for any input/advice.
>
> Kind Regards,
> Andriani
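
Added example, not part of the original message and not sigtool's own code: a small Python decoder showing what "interpreting" a non-hash, body-based signature in the extended `.ndb` format involves (literal bytes, gaps, alternatives). The signature below is constructed for illustration, the function and part names are hypothetical, and bytecode (BC.*) signatures like the one in the question are not covered.

```python
import re

# Target-type codes of the extended (.ndb) body-signature format.
TARGETS = {0: "any file", 1: "PE", 2: "OLE2", 3: "HTML", 4: "mail", 5: "graphics",
           6: "ELF", 7: "ASCII text", 9: "Mach-O", 10: "PDF", 11: "Flash", 12: "Java class"}

TOKEN = re.compile(r"""
    (?P<hex>(?:[0-9a-fA-F]{2})+)          # literal bytes
  | (?P<any>\?\?)                         # one arbitrary byte
  | (?P<nib>[0-9a-fA-F]\?|\?[0-9a-fA-F])  # one byte with a wildcard nibble
  | (?P<star>\*)                          # any number of bytes
  | \{(?P<gap>\d*(?:-\d*)?)\}             # {n}, {n-}, {-m}, {n-m}
  | \((?P<alt>[0-9a-fA-F|]+)\)            # (aa|bb) alternatives
""", re.X)

def decode_ndb(line):
    """Split one extended body signature into (name, target, offset, parts)."""
    name, target, offset, body = line.strip().split(":")[:4]
    parts, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if m is None:
            raise ValueError(f"unsupported token at offset {pos}: {body[pos:pos + 8]!r}")
        if m["hex"]:
            parts.append(("bytes", bytes.fromhex(m["hex"])))
        elif m["any"]:
            parts.append(("gap", (1, 1)))
        elif m["nib"]:
            parts.append(("nibble", m["nib"].lower()))
        elif m["star"]:
            parts.append(("gap", (0, None)))       # unbounded gap
        elif m["gap"] is not None:
            lo, _, hi = m["gap"].partition("-")
            low = int(lo or 0)
            high = (int(hi) if hi else None) if "-" in m["gap"] else low
            parts.append(("gap", (low, high)))
        else:
            parts.append(("one_of", [bytes.fromhex(a) for a in m["alt"].split("|")]))
        pos = m.end()
    return name, TARGETS.get(int(target), f"type {target}"), offset, parts

# Constructed signature for illustration; not taken from any ClamAV database.
SAMPLE = "Example.Constructed.Sig-1:1:*:4d5a{2-8}50450000*(6576696c|62616421)??636d64"

if __name__ == "__main__":
    name, target, offset, parts = decode_ndb(SAMPLE)
    print(f"{name}: target={target}, offset={offset}")
    for kind, value in parts:
        print(f"  {kind:7} {value!r}")
```
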