[clamav-users] Kindly help in create unofficial signature

Dismas Axel (Thomas) dismasc at protonmail.com
Sun Sep 20 12:30:08 UTC 2020


Dear ClamAV users,

Today I got a spam email containing an .xz file as an attachment. I downloaded it and unzipped it, and then I found an .exe file inside it.

I am still learning to help create signatures for ClamAV here, so please be kind and help me.

My question is, what kind of signature type would be the best fit for this kind of file? Is it a .hdb or .ndb, or maybe both of them, or another file type? And why?

I have checked this file on VirusTotal and yes, it is a virus: https://www.virustotal.com/gui/file/0321f0286c254311930639a237888351d9423fd08d2b71fbe5fbcd9d71c584c2/detection

I have also created a signature, Returned_Swift Copy.ndb. Kindly help me review the signature attached here: did I create it correctly or incorrectly?

Thank you,
Dismas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 01-chronology_received_xz_file.png
Type: image/png
Size: 12884 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200920/1fa11bb6/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 02-chronology_unzipped.png
Type: image/png
Size: 11754 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200920/1fa11bb6/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Returned_Swift Copy.ndb
Type: application/octet-stream
Size: 2081 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200920/1fa11bb6/attachment.obj>

