On 9/27/10 1:24 PM, Alex wrote:
Hi,
In addition, there's a brilliant Third-Party signature decoder here, which
will easily show you the content of the Third-Party signature,
just cut/paste or type in the signature name and it'll decode it:
http://www.sanesecurity.com/clamav/decodesigs.htm
Some time ago I was trying to decode a third-party signature, and this
above link was helpful. It seems I'm having difficulty with another
one, however. I tried the link above, and it doesn't seem to decode
it. I also came across a reference to doing this from the command
line, and receive an error using this method too:
# sigtool -fwinnow.malware.47853 | sigtool --decode-sigs
ERROR: decodesig: Invalid or not supported signature format
TOKENS COUNT: 3
Isn't that the proper way to do this? Just running sigtool returns:
# e42724a855ce18d0890c15f2805769db:15872:winnow.malware.47853
What you are seeing is a signature that is the md5 checksum of a file and that
file was included in a message as an attachment. On my server that signature was
found twice. The attachment file names were 88543cv.zip and 45739cv.zip, and the
messages were rejected. Check your milter logs.
dp
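
The reply above describes a checksum signature: the sigtool output is three colon-separated fields (hash, file size, name) with no body pattern to decode. As an added example (not code from this thread or from ClamAV), the sketch below parses such a line and tests bytes against it; the function names and the sample bytes are constructed for illustration, and it also accepts SHA1/SHA256 digests and a "*" size, which goes beyond the MD5 case shown here.

```python
import hashlib
from typing import NamedTuple, Optional

# Hex digest length -> hashlib algorithm (MD5, SHA1 and SHA256 signatures).
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGITS = set("0123456789abcdef")


class HashSig(NamedTuple):
    algo: str
    digest: str
    size: Optional[int]  # None means "*", i.e. any file size
    name: str


def parse_hash_sig(line: str) -> HashSig:
    """Parse a 'hash:size:name' line; raise ValueError for other formats."""
    fields = line.strip().split(":")
    if len(fields) < 3:
        raise ValueError("expected hash:size:name")
    digest, size, name = fields[0].lower(), fields[1], fields[2]
    if len(digest) not in ALGO_BY_LENGTH or not set(digest) <= HEX_DIGITS:
        raise ValueError("first field is not an MD5/SHA1/SHA256 hex digest")
    if size != "*" and not size.isdigit():
        raise ValueError("second field is not a file size")
    return HashSig(ALGO_BY_LENGTH[len(digest)], digest,
                   None if size == "*" else int(size), name)


def make_hash_sig(data: bytes, name: str) -> str:
    """Build the MD5 signature line that would match exactly these bytes."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def matches(sig: HashSig, data: bytes) -> bool:
    """True if data has the signature's size and digest."""
    if sig.size is not None and len(data) != sig.size:
        return False
    return hashlib.new(sig.algo, data).hexdigest() == sig.digest


if __name__ == "__main__":
    # Signature line quoted in the thread.
    print(parse_hash_sig("e42724a855ce18d0890c15f2805769db:15872:winnow.malware.47853"))
    # Constructed sample bytes standing in for an attachment.
    sample = b"constructed sample attachment"
    sig = parse_hash_sig(make_hash_sig(sample, "Example.Constructed.1"))
    print(matches(sig, sample), matches(sig, sample + b"x"))
```

A hash signature only matches a byte-identical file, so changing or appending a single byte gives a miss.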