[clamav-users] support

Steve Basford Mon, 05 Dec 2016 06:11:06 -0800

Hi,

Just had a twitter user contact me regarding an fp that he reported 1st
September (I don't have a hash sorry):



3986318.cbc:BC.Legacy.Exploit.CVE_2012_4148-1.{};Engine:70-255,Target:10;(0&2&1)
;0:255044462d312e;*:2f416e6e6f74;*:2f53756274797065{-5}2f576964676574

Secondly, I'm seeing this using 0.99.3... in debug logs when loading
daily.ldb:

LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Win.Trojan.CVE_2006_5857-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Win.Exploit.CVE_2009_2502-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Pdf.Exploit.Agent-1388609, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Pdf.Exploit.CVE_2012_4154-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Pdf.Exploit.CVE_2012_4157-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Pdf.Exploit.CVE_2011_4370-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Osx.Trojan.Iumler-1, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Pdf.Exploit.Dropped-2014, skipping
LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
LibClamAV debug: init_tdb: Not supported attribute(s) in signature for
Win.Trojan.Quarian-2, skipping

These seem be of the type...

,HanderType:CL_TYPE_PDF,Target:

not the usual....

,Container:CL_TYPE_PDF,Target:

-- 
Cheers,

Steve
Twitter: @sanesecurity

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] support

Reply via email to