Use: sigtool --find <InfectionName>

Non-hash signatures can be further interpreted using:
sigtool --find <InfectionName> | sigtool --decode-sigs

Some of the newer signature formats are not fully decoded and I've been told 
that ByteCode signature results do not completely describe them.

-Al-

On Mon, Apr 24, 2017 at 02:25 AM, Andriani Tsag wrote:
> 
> Hello,
> Is there a way to see what a signature is specifically looking for (like when 
> clamav-du[.]securesites[.]net/cgi-bin/clamgrok was operational?)
> Since it went down I haven’t been able to find something similar.
> 
> I have received an alert about BC.Win.Exploit.CVE_2017_0060-6099223-1, but 
> without knowing what the signature is looking for, it is hard to further 
> analyse the file.
> Thank you in advance for any input/advice.
> 
> Kind Regards,
> Andriani


_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
