Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Eric Tykwinski
Kees,
> $ clamscan --detect-pua us-cert-message
> us-cert-message: PUA.Win.Trojan.Xored-1 FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6525318
> Engine version: 0.99
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.16 MB
> Data read: 0.10 MB (ra

Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Kees Theunissen
On Sat, 21 Oct 2017, Eric Tykwinski wrote:
>clamscan TA17-293A_\ Advanced\ Persistent\ Threat\ Activity\ Targeting\
>Energy\ and\ Other\ Critical\ Infrastructure\ Sectors.eml
>TA17-293A_ Advanced Persistent Threat Activity Targeting Energy and Other
>Critical Infrastructure Sectors.eml: OK
>
>--

Re: [clamav-users] How to find string for a signature?

2017-10-21 Thread Eric Tykwinski
Kristen, > > Thanks Al. I went ahead and injected this quarantined message for > delivery as it is a big HTML email that can be difficult to read from a > BASH shell. It appears they are showing samples of code from some > Windows exploit, or something. I didn't review it that long. I bet the > s

Re: [clamav-users] How to find string for a signature?

2017-10-20 Thread kristen R
On 10/20/17 8:04 PM, Al Varnell wrote: > Are you certain that it is actually from CERT from the header information or > is that just the "From: " address which can easily be faked? You can > determine a lot from submitting the e-mail raw source to > . Yes, I would say t

Re: [clamav-users] How to find string for a signature?

2017-10-20 Thread Al Varnell
Are you certain that it is actually from CERT from the header information or is that just the "From: " address which can easily be faked? You can determine a lot from submitting the e-mail raw source to . Signature details: sigtool -fPUA.Win.Trojan.Xored-1|sigtool --deco

[clamav-users] How to find string for a signature?

2017-10-20 Thread kristen R
List, I just received an email from ncas.us-cert.gov that was caught by clamd reporting PUA.Win.Trojan.Xored-1 signature. This email is from the US Department of Homeland Security. I suppose this is a case of a false positive. How does one find the string triggering this event that I might know a