[clamav-users] Txt.Trojan.Kryptik-6887991-0 FOUND
Dennis Peterson
dennispe at inetnw.com
Wed Mar 13 07:14:50 UTC 2019
That does not appear to be a well anchored regex.
dp
On 3/12/19 9:15 PM, Al Varnell via clamav-users wrote:
> All I can add is some technical information about the signature. I have no
> idea what kind of infection it causes and on what platform.
>
> The signature was added to the database by daily - 25386 earlier today as an
> .ldb. Looking for a single ascii string in any type of file:
>
>> sigtool -fTxt.Trojan.Kryptik-6887991-0|sigtool --decode-sigs
>> VIRUS NAME: Txt.Trojan.Kryptik-6887991-0
>> TDB: Engine:51-255,FileSize:262144-1048576,Target:0
>> LOGICAL EXPRESSION: 0
>> * SUBSIG ID 0
>> +-> OFFSET: ANY
>> +-> SIGMOD: NONE
>> +-> DECODED SUBSIGNATURE:
>> 1/g,"");if(!/^[-_a-zA-Z0-9#.:* ,>+~[\]()=^$|]+$/.test(c))throw E
More information about the clamav-users
mailing list