On Mon, 27 Sep 2010 16:24:26 -0400 Alex <[email protected]> wrote:
> Hi, > > > In addition, there a brilliant Third-Party signature decoder here, > > which will easily show you the content of the Third-Party signature, > > just cut/paste or type in the signature name and it'll decode it: > > > > http://www.sanesecurity.com/clamav/decodesigs.htm > > Some time ago I was trying to decode a third-party signature, and this > above link was helpful. It seems I'm having difficulty with another > one, however. I tried the link above, and it doesn't seem to decode > it. I also came across a reference to doing this from the command > line, and receive an error using this method too: > > # sigtool -fwinnow.malware.47853 | sigtool --decode-sigs > ERROR: decodesig: Invalid or not supported signature format > TOKENS COUNT: 3 > > Isn't that the proper way to do this? Just running sigtool returns: > > # e42724a855ce18d0890c15f2805769db:15872:winnow.malware.47853 There is nothing to decode here. It is simply MD5:size:virusname. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
