[Community-sigs] Win.Virus.Virut
Arnaud Jacques / SecuriteInfo.com
webmaster at securiteinfo.com
Wed Dec 7 01:55:43 EST 2016
Hello sigmakers,
# sigtool --unpack=/var/lib/clamav/daily.cld
# grep Win.Virus.Virut *|wc -l
22955
# grep -l Win.Virus.Virut *
daily.hdb
daily.hsb
There are nearly 23k hash-based signatures to detect this polymorphic file
infector virus.
A hash-based signature is not recommended for detecting a polymorphic virus.
Is there a way to detect it via ndb, ldb, or bc?
I tried with no success. Cisco team: do you have any clue?
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom