[clamav-users] Is there any documentation on what signatures mean?

Tilman Schmidt tschmidt at cardtech.de
Thu Jun 28 12:58:15 UTC 2018


IMHO that doesn't answer the question.

When I see a message like:

/path/to/file: Win.Exploit.Unicode_Mixed-1 FOUND

sigtool can only tell me how that signature is defined, i.e. what content
it considers malicious.

In order to decide on an appropriate course of action I'd like to know
what the perceived threat is, i.e. *why* someone thought that a file
matching that particular signature would be malicious.
That's not something sigtool can provide.


On 28.06.2018 at 13:22, Maarten Broekman wrote:
> Answered
> 
> TL;DR
> 
> Use sigtool to find and decode the signature. 
> 
> Sent from a tiny keyboard
> 
>> On Jun 28, 2018, at 06:57, Nikita Yerenkov-Scott <yerenkov.scott at gmail.com> wrote:
>>
>> Hello,
>>
>> A question on this matter exists on this Linux site:
>> https://askubuntu.com/questions/571342/clamav-virus-detections-documentation
>> However it never received an answer. So I am wondering if there is an
>> answer to that now or how things work? And if there are any plans to
>> regulate the signature names so that they are more regular and people
>> actually know what they mean. This would be highly useful especially
>> to those wanting to remove any trouble the viruses may or may not have
>> caused after ClamAV quarantines them.
>>
>>
>> Thanks,
>>
>> Nikita Yerenkov-Scott
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml

-- 
Tilman Schmidt
Head of System and Network Engineering

Tel. 0221 / 95 64 95 .417
Fax 0221 / 95 64 95 .999
e-Mail tschmidt at cardtech.de

cardtech
Card & POS Service GmbH
Richard-Byrd-Straße 37
50829 Köln
www.cardtech.de

AG Köln, HRB 20164
Geschäftsführer: Dr. Dietrich Gottwald, Christof Kohns, Jens Mahlke
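
As an added illustration that is not part of the thread or of ClamAV itself: a small parser for scan-report lines like the one quoted above, which splits the detection name into its dotted fields and builds the sigtool lookup mentioned in the quoted reply. It assumes the platform.category.name-id layout visible in `Win.Exploit.Unicode_Mixed-1` and an `.UNOFFICIAL` suffix on third-party signatures; the field names and the sample lines other than the first are constructed.

```python
import re
import shlex
from typing import NamedTuple, Optional

# One detection per line in clamscan/clamdscan output: "<path>: <name> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Trailing numeric id, optionally followed by a numeric revision.
ID_RE = re.compile(r"^(?P<name>.*?)-(?P<id>\d+)(?:-(?P<rev>\d+))?$")
UNOFFICIAL = ".UNOFFICIAL"  # assumed suffix on non-official database entries


class Detection(NamedTuple):
    path: str
    signature: str            # name to look up in the database
    unofficial: bool
    platform: Optional[str]   # first dotted field, e.g. "Win" (assumed layout)
    category: Optional[str]   # second dotted field, e.g. "Exploit"
    name: Optional[str]
    sig_id: Optional[str]


def parse_found_line(line: str) -> Optional[Detection]:
    """Return a Detection for a FOUND line, None for OK/ERROR/summary lines."""
    m = FOUND_RE.match(line.strip())
    if m is None:
        return None
    sig = m.group("sig")
    unofficial = sig.endswith(UNOFFICIAL)
    if unofficial:
        sig = sig[: -len(UNOFFICIAL)]
    platform = category = name = sig_id = None
    parts = sig.split(".", 2)
    if len(parts) == 3:       # names that do not fit the layout stay unsplit
        platform, category, rest = parts
        idm = ID_RE.match(rest)
        name, sig_id = (idm.group("name"), idm.group("id")) if idm else (rest, None)
    return Detection(m.group("path"), sig, unofficial, platform, category, name, sig_id)


def sigtool_lookup(det: Detection) -> str:
    """Shell command that prints and decodes the signature's definition."""
    return f"sigtool --find-sigs {shlex.quote(det.signature)} | sigtool --decode-sigs"


# Constructed sample output; the first line is the one quoted in the thread.
SAMPLE = """/path/to/file: Win.Exploit.Unicode_Mixed-1 FOUND
/srv/up/a: b.doc: Doc.Dropper.Sample-1234-0.UNOFFICIAL FOUND
/etc/hosts: OK"""
DETECTIONS = [d for d in map(parse_found_line, SAMPLE.splitlines()) if d]
```

The split fields only restate what the name encodes; the decoded definition still has to be read to see what content the signature matches.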


