Dear ClamAV users,

Today I got a spam email containing an .xz file as an attachment. I downloaded it and unzipped it, and then I found an .exe file inside it.

I am still learning to help create signatures for ClamAV, so please be kind and help me.

My question is: what signature type would best fit this kind of file? Is it .hdb or .ndb, or maybe both of them, or some other file type? And why?

I have checked this file on VirusTotal and yes, it is a virus: https://www.virustotal.com/gui/file/0321f0286c254311930639a237888351d9423fd08d2b71fbe5fbcd9d71c584c2/detection

I have also created a signature, Returned_Swift Copy.ndb. Kindly help me review the signature attached here: did I create it correctly or incorrectly?

Thank you,
Dismas



