On Tue, March 28, 2017 1:23 pm, Reindl Harald wrote:
>
> On 28.03.2017 at 14:20, Matteo Dessalvi wrote:
>
>> Hello.
>>
>> Regarding your first question you can execute the following
>> tools from the command line:
>>
>> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs
>
> Heuristics are *not* signatures

Except in this case... it was a .cdb signature which *was* called
Heuristics.Filetype.ZipWithJS-6162396-0:

It was dropped...

http://lists.clamav.net/pipermail/clamav-virusdb/attachments/20170327/a00f1950/attachment.ksh

Dropped Detection Signatures:
Heuristics.Filetype.ZipWithJS-6162396-0

So, slightly confusing... but that's why sigtool --decode-sigs worked:

VIRUS NAME: Heuristics.Filetype.ZipWithJS-6136370-0
CONTAINER TYPE: CL_TYPE_ZIP
CONTAINER SIZE: ANY
FILENAME REGEX: \.[A-Za-z]{3}\.js$
COMPRESSED FILESIZE: ANY
UNCOMPRESSED FILESIZE: ANY
ENCRYPTION: IGNORED
FILE POSITION: 1
CRC SUM: ANY

--
Cheers,

Steve
Twitter: @sanesecurity
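
To see which archives the decoded fields above select, the following added example (not part of the original thread and not ClamAV code) applies the quoted FILENAME REGEX and FILE POSITION to in-memory ZIP files with constructed member names. It assumes file positions count from 1 in archive order and uses Python's `re` module in place of ClamAV's regex engine; `build_zip`, `match_zip` and the sample names are hypothetical.

```python
import io
import re
import zipfile

# Fields copied from the decoded signature quoted in the message above.
# Fields decoded as ANY or IGNORED place no constraint and are not modelled.
SIG = {
    "name": "Heuristics.Filetype.ZipWithJS-6136370-0",
    "filename_regex": r"\.[A-Za-z]{3}\.js$",
    "file_position": 1,
}


def build_zip(member_names):
    """Build an in-memory ZIP with harmless placeholder members (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


def match_zip(zip_bytes, sig=SIG):
    """Return the signature name if the member at the signature's position matches.

    Assumptions: positions count from 1 in archive order, and re.search
    stands in for ClamAV's own regex matching.
    """
    pattern = re.compile(sig["filename_regex"])
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for position, info in enumerate(zf.infolist(), start=1):
            if position == sig["file_position"] and pattern.search(info.filename):
                return sig["name"]
    return None


# Constructed member lists, one archive per entry.
SAMPLES = {
    "three-letter extension before .js": ["invoice.pdf.js"],
    "plain .js name": ["script.js"],
    "matching name at position 2": ["readme.txt", "invoice.pdf.js"],
    "minified library name": ["jquery.min.js"],
}

if __name__ == "__main__":
    for label, names in SAMPLES.items():
        print(f"{label:36} {names} -> {match_zip(build_zip(names))}")
```

Under these assumptions the regex also matches ordinary names such as `jquery.min.js`, since `.min` is a dot followed by three letters.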