[clamav-users] how to find Html.Phishing.Auction-214
Hajo Locke
Hajo.Locke at gmx.de
Wed Mar 22 13:48:40 UTC 2017
Hello,
On 22.03.2017 at 14:01, Steve Basford wrote:
> On Wed, March 22, 2017 12:52 pm, Hajo Locke wrote:
>> Hello,
>>
>>
>> have an issue here with this signature. Html.Phishing.Auction-214 is found
> VIRUS NAME: Html.Phishing.Auction-214
>
> Here you go...
>
> TARGET TYPE: HTML
> OFFSET: *
> DECODED SIGNATURE:
> sein, weil sie ei[][][]nen fehler gemacht haben, als sie ihre details
> eingetragen habe
> n, oder dass das konto {WILDCARD_ANY_STRING(LENGTH>=1&&<=7)}berhaupt nicht
> aktua
> lisiert wurde
>
> remove [][][]
>
>
Thank you, Steve. I could find the lines and removed them. How could you
decode this signature?
Especially interesting is that the virus was found in the complete SQL file but
not in the split subfiles. Maybe the target type is ignored at file size x?
The complete SQL file is 4.6 MB.
Thanks,
Hajo
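
An added example, not part of the original thread and not ClamAV's own code: a small decoder for the body-based (`.ndb`) signature layout `Name:TargetType:Offset:HexSignature`, which prints the same kind of fields as the decoded output quoted above. The sample signature line is constructed for illustration (the real hex body of Html.Phishing.Auction-214 is not on this page), and only the `{1-7}` rendering is taken from the quoted output; the other wildcard labels are this example's own.

```python
import re

# Target type numbers used in ClamAV body-based (.ndb) signatures.
TARGET_TYPES = {0: "ANY", 1: "PE", 2: "OLE2", 3: "HTML", 4: "MAIL",
                5: "GRAPHICS", 6: "ELF", 7: "ASCII"}
# One token per match: a hex byte, "??", "*", or a {n}, {n-}, {-m}, {n-m} gap.
TOKEN = re.compile(r"([0-9a-fA-F]{2})|(\?\?)|(\*)|\{(\d*)(-?)(\d*)\}")


def decode_body(hex_sig):
    """Render a hex signature body as text with readable wildcard markers."""
    out, pos = [], 0
    while pos < len(hex_sig):
        m = TOKEN.match(hex_sig, pos)
        if not m:  # nibble wildcards, alternations etc. are out of scope here
            raise ValueError(f"unsupported token at {pos}: {hex_sig[pos:pos + 8]!r}")
        byte, any_byte, star, lo, dash, hi = m.groups()
        if byte:
            value = int(byte, 16)
            out.append(chr(value) if 0x20 <= value < 0x7F else f"\\x{value:02x}")
        elif any_byte:
            out.append("{ANY_BYTE}")
        elif star:
            out.append("{WILDCARD_ANY_STRING}")
        elif not lo and not hi:
            raise ValueError(f"empty gap at {pos}")
        elif not dash:  # {n}: exactly n bytes
            out.append(f"{{WILDCARD_ANY_STRING(LENGTH=={lo})}}")
        else:           # {n-}, {-m} or {n-m}
            conds = "&&".join(c for c in (f">={lo}" if lo else "",
                                          f"<={hi}" if hi else "") if c)
            out.append(f"{{WILDCARD_ANY_STRING(LENGTH{conds})}}")
        pos = m.end()
    return "".join(out)


def decode_ndb(line):
    """Split one .ndb line and decode its body."""
    name, target, offset, body = line.strip().split(":")[:4]
    return {"name": name, "target": TARGET_TYPES.get(int(target), target),
            "offset": offset, "decoded": decode_body(body)}


# Constructed sample line (hypothetical name), built from words in the quoted output.
SAMPLE = ("Constructed.Example.Sig-1:3:*:" + b"das konto ".hex()
          + "{1-7}" + b"berhaupt nicht".hex())

if __name__ == "__main__":
    for key, value in decode_ndb(SAMPLE).items():
        print(f"{key.upper()}: {value}")
```

Against the installed databases, ClamAV's own `sigtool --find-sigs <name> | sigtool --decode-sigs` performs this lookup and decoding.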