Hi there,
On Thu, 9 Feb 2017, Brad Scalio wrote:
Clamscan found a PE "visor.exe.svn-base" ... Win.Trojan.Agent-793284 FOUND.
...
11 of 56 scanners detect a signature, however the file in question is on a
linux system, and hasn't been touched since 2010, and so I am not too
worried as ...
It w
Thanks much.
On Thu, Feb 9, 2017 at 8:55 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, February 9, 2017 1:12 pm, Brad Scalio wrote:
> > Clamscan found a PE "visor.exe.svn-base" that matched
> > Win.Trojan.Agent-793284 FOUND.
> >
> > Is there a way, or an online tutorial,
On Thu, February 9, 2017 1:12 pm, Brad Scalio wrote:
> Clamscan found a PE "visor.exe.svn-base" that matched
> Win.Trojan.Agent-793284 FOUND.
>
> Is there a way, or an online tutorial, or some other information to
> decompose the signature and the file easily to determine if it's a false
> positiv
$ sigtool --find Win.Trojan.Agent-793284
[main.mdb] 28672:f380d36c6d636f50392e83fb58fb8a59:Win.Trojan.Agent-793284
Since it's in the main database, it's relatively old.
It's looking for a file of size 28672 with the MD5 hash shown.
If it had been a more complex signature, then sigtool --find
|s
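An added example, not part of the thread: it parses the `sigtool --find` line above and reports whether that size and MD5 pair matches the whole file or the raw data of one PE section, which is what ClamAV's `.mdb` databases record (`PESectionSize:PESectionHash:MalwareName`). The function names and the sample PE image are constructed for illustration.

```python
import hashlib
import struct

def parse_sigtool_line(line):
    """Split '[db] size:md5:name' as printed by `sigtool --find` for this signature."""
    db, sig = line.split("] ", 1)
    size, md5, name = sig.strip().split(":", 2)
    return db.lstrip("["), int(size), md5.lower(), name

def pe_sections(data):
    """Yield (name, raw_bytes) for each section of a PE image; nothing if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsect):
        entry = table + 40 * i                             # 40-byte section header
        if entry + 40 > len(data):
            return
        name = data[entry:entry + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        yield name, data[raw_ptr:raw_ptr + raw_size]

def explain_match(data, size, md5):
    """Return what the size:md5 pair matches: 'file', 'section <name>', or None."""
    if len(data) == size and hashlib.md5(data).hexdigest() == md5:
        return "file"
    for name, raw in pe_sections(data):
        if len(raw) == size and hashlib.md5(raw).hexdigest() == md5:
            return "section " + name
    return None

def build_sample_pe(section):
    """Constructed test input: minimal PE image holding one '.text' section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    entry = struct.pack("<8sIIII16x", b".text", len(section), 0x1000, len(section), 128)
    return dos + coff + entry + section

if __name__ == "__main__":
    line = "[main.mdb] 28672:f380d36c6d636f50392e83fb58fb8a59:Win.Trojan.Agent-793284"
    db, size, md5, name = parse_sigtool_line(line)
    sample = build_sample_pe(b"\x90" * size)               # constructed, not the real file
    print(name, "from", db, "->", explain_match(sample, size, md5))
```

To triage a real detection, read the flagged file's bytes and pass them to `explain_match` with the size and hash that `sigtool --find` printed.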
Clamscan found a PE "visor.exe.svn-base" that matched
Win.Trojan.Agent-793284 FOUND.
That said, ran it through virustotal.com with results here
https://goo.gl/flJl6j
I know, pasting a shortened URL in an AV mailing list :-)
11 of 56 scanners detect a signature, however the file in question is on a