Re: [clamav-users] How to decode virus signature

Maarten Broekman via clamav-users Thu, 10 Sep 2020 19:09:10 -0700

You can pipe that to sigtool --decode-sigs to see what it is.

What I usually use is:
$ sigtool --find-sigs BAD_RULE | awk '{ print $NF }' | sigtool --decode-sigs


On Thu, Sep 10, 2020 at 9:55 PM Olivier via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
>
> I have a virus signature that triggers on some of my daily system
> security emails. This is not an official ClamAV signature, so my purpose
> is not to complain here.
>
> The signature file is a .ndb format and the specific signature is:
>
> BAD_RULE:0:*:3139332e3232382e39312e313233
>
> How can I decode the meaning of the 3139332e3232382e39312e313233 part?
>
> TIA,
>
> Olivier
> --
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] How to decode virus signature

Reply via email to