On Sep 27, 2010, at 4:24 PM, Alex wrote: > Hi, > >> In addition, there a brilliant Third-Party signature decoder here, which >> will easily show you the content of the Third-Party signature, >> just cut/paste or type in the signature name and it'll decode it: >> >> http://www.sanesecurity.com/clamav/decodesigs.htm > > Some time ago I was trying to decode a third-party signature, and this > above link was helpful. It seems I'm having difficulty with another > one, however. I tried the link above, and it doesn't seem to decode > it. I also came across a reference to doing this from the command > line, and receive an error using this method too: > > # sigtool -fwinnow.malware.47853 | sigtool --decode-sigs > ERROR: decodesig: Invalid or not supported signature format > TOKENS COUNT: 3 > > Isn't that the proper way to do this? Just running sigtool returns: > > # e42724a855ce18d0890c15f2805769db:15872:winnow.malware.47853
Alex, That's just a file sig eg MD5 file size, sig name. If you believe its a FP please send an email to me explaining why However you should view: http://www.virustotal.com/file-scan/report.html?id=9ef6116b0e3e1f663e48b76dc2957d97187f7414be0024b721569d67d378ff56-1285602198 btw, I now see basic clam detects it also so it will be removed on the next signature verification run. Tom _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
