Dear ClamAV users,

Today I got a spam email containing an .xz file as its attachment. I downloaded it and unzipped it, then I found an .exe file inside the file.

I am still learning to help create signatures for ClamAV here, so please be kind and help me. My question is, what kind of signature type would best fit this kind of file? Is it a .hdb or .ndb, or maybe both of them, or another file type? And why?

I have checked this file in VirusTotal and yes, it is a virus: https://www.virustotal.com/gui/file/0321f0286c254311930639a237888351d9423fd08d2b71fbe5fbcd9d71c584c2/detection

I have also created a signature, Returned_Swift Copy.ndb. Kindly help me review my signature attached here and tell me whether I created it correctly or incorrectly.

Thank you,
Dismas

Sent with [ProtonMail](https://protonmail.com) Secure Email.
Returned_Swift Copy.ndb
Description: Binary data
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
