Bump for visibility. I figure someone from your team should get in touch
with him, since it is not exactly an FP report. Maybe he can still submit
it as FP. Don't know.
On Tue, May 2, 2017 at 10:05 PM, Rudy Stebih wrote:
> Hi Folks,
> I've been getting the
On 05/03/2017 11:38 AM, Al Varnell wrote:
> Not sure what you mean by "MD5 match" but the signature is a complex logical
> one, not a hash:
That was the answer to Rafael Ferreira asking if I validated the files'
checksums to match both on Linux + Windows.
Yes, I did! and the MD5
Not sure what you mean by "MD5 match" but the signature is a complex logical
one, not a hash:
> $ sigtool --find Win.Dropper.Gephys-6117417-0|sigtool --decode-sig
> VIRUS NAME: Win.Dropper.Gephys-6117417-0
> TDB: Engine:51-255,Target:1
> LOGICAL EXPRESSION: 0&1&2&3&4&5&6&7&8&9
> * SUBSIG ID 0
Thanks for your replies!
On 05/03/2017 02:18 AM, Joel Esler (jesler) wrote:
> First thing I notice is that you are running two different versions of
I know, but:
*) v0.99.1 is the most recent version of ClamWin, so I can't go higher
*) ClamWin also detected the virus with
#include // created 03/05/2017 09:23
> Foxhole_filename.cdb etc. use this sort of thing...
before asking I read carefully the manual (signatures.pdf) and peeked in
other CDB rules, but I did not notice it.. sorry
On Wed, May 3, 2017 8:19 am, kionez wrote:
> Hi all,
> I wonder how I can use a case-insensitive FilenameRegex in signatures
> based on container metadata.
> I.E.: if I would like to match "word", "Word" and "worD" (and so on), my
> rule will be something like:
I wonder how I can use a case-insensitive FilenameRegex in signatures
based on container metadata.
I.E.: if I would like to match "word", "Word" and "worD" (and so on), my
rule will be something like:
Is there a way to