[clamav-users] How to decode virus signature
Maarten Broekman
maarten.broekman at gmail.com
Fri Sep 11 02:07:36 UTC 2020
You can pipe that to sigtool --decode-sigs to see what it is.
What I usually use is:
$ sigtool --find-sigs BAD_RULE | awk '{ print $NF }' | sigtool --decode-sigs
On Thu, Sep 10, 2020 at 9:55 PM Olivier via clamav-users <
clamav-users at lists.clamav.net> wrote:
> Hi,
>
> I have a virus signature that triggers on some of my daily system
> security emails. This is not an official ClamAV signature, so my purpose
> is not to complain here.
>
> The signature file is a .ndb format and the specific signature is:
>
> BAD_RULE:0:*:3139332e3232382e39312e313233
>
> How can I decode the meaning of the 3139332e3232382e39312e313233 part?
>
> TIA,
>
> Olivier
> --
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200910/7794f9aa/attachment.htm>
More information about the clamav-users
mailing list