[clamav-users] [ext] More info about detected virus
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Jun 8 15:25:12 UTC 2022
* Zvi Kave via clamav-users <clamav-users at lists.clamav.net>:
> Hi,
>
> Where can I find more information about ClamAV detected virus like
> Win.Trojan.N-68
>
> or another name ?

You can decode the signature using this command:

# sigtool -fWin.Trojan.N-68 | sigtool --decode-sigs

Basically it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:

VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
 name="readme.exe"
Content-Transfer-Encoding: base64

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt at charite.de
https://www.charite.de
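
The decoded signature above matches a MIME part that declares a media content type while carrying an executable file name. As an added example (not part of the original post and not ClamAV's own logic), the Python sketch below applies the same idea as a parsed-header check and generalizes it to other media types and extensions; the extension list, function name and sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions treated as executable here (an assumption for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
# Major types that should never carry an executable file name.
MEDIA_MAJOR_TYPES = {"audio", "video", "image"}

# Constructed sample message with a harmless placeholder body ("ABC").
# The second part mirrors the headers in the decoded signature.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: audio/x-wav;
 name="readme.exe"
Content-Transfer-Encoding: base64

QUJD
--b1
Content-Type: audio/x-wav; name="ring.wav"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""

def mismatched_parts(raw_message):
    """Return (content_type, filename) for every leaf part that declares a
    media type but carries an executable file name."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        filename = part.get_filename() or ""
        if (part.get_content_maintype() in MEDIA_MAJOR_TYPES
                and filename.lower().endswith(EXECUTABLE_EXTS)):
            hits.append((part.get_content_type(), filename))
    return hits
```

Because the check runs on parsed headers, it also catches variants a byte-pattern signature misses, such as different header folding or a file name given only in Content-Disposition.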