[clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND

Dennis Peterson dennispe at inetnw.com
Wed Mar 13 03:14:50 EDT 2019


That does not appear to be a well anchored regex.

dp

On 3/12/19 9:15 PM, Al Varnell via clamav-users wrote:
> All I can add is some technical information about the signature. I have no 
> idea what kind of infection it causes and on what platform.
>
> The signature was added to the database by daily - 25386 earlier today as an 
> .ldb. Looking for a single ascii string in any type of file:
>
>> sigtool -fTxt.Trojan.Kryptik-6887991-0|sigtool --decode-sigs
>> VIRUS NAME: Txt.Trojan.Kryptik-6887991-0
>> TDB: Engine:51-255,FileSize:262144-1048576,Target:0
>> LOGICAL EXPRESSION: 0
>>  * SUBSIG ID 0
>>  +-> OFFSET: ANY
>>  +-> SIGMOD: NONE
>>  +-> DECODED SUBSIGNATURE:
>> 1/g,"");if(!/^[-_a-zA-Z0-9#.:* ,>+~[\]()=^$|]+$/.test(c))throw  E



More information about the clamav-users mailing list