Re: [clamav-users] How to determine false-v-real FOUND

2017-02-10 Thread Al Varnell
On Fri, Feb 10, 2017 at 04:44 AM, Brad Scalio wrote:
>
> Thanks for all the help and not telling me to RTFM or "Google it" which is
> likely what my response would've been to my question.
>
> I find the sigtool not very helpful at times, piping the find-sigs to
> --decode-sigs gives little

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-10 Thread Brad Scalio
Thanks for all the help and not telling me to RTFM or "Google it" which is likely what my response would've been to my question.

I find the sigtool not very helpful at times, piping the find-sigs to --decode-sigs gives little information, I've only gotten things like:

ERROR: decodesig: Invalid

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread G.W. Haywood
Hi there,

On Thu, 9 Feb 2017, Brad Scalio wrote:

Clamscan found a PE "visor.exe.svn-base" ... Win.Trojan.Agent-793284 FOUND.
...
11 of 56 scanners detect a signature, however the file in question is on a
linux system, and hasn't been touched since 2010, and so I am not too worried
as ...

It

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread Brad Scalio
Thanks much.

On Thu, Feb 9, 2017 at 8:55 AM, Steve Basford <steveb_cla...@sanesecurity.com> wrote:
>
> On Thu, February 9, 2017 1:12 pm, Brad Scalio wrote:
> > Clamscan found a PE "visor.exe.svn-base" that matched
> > Win.Trojan.Agent-793284 FOUND.
> >
> > Is there a way, or an online tutorial,

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread Steve Basford
On Thu, February 9, 2017 1:12 pm, Brad Scalio wrote:
> Clamscan found a PE "visor.exe.svn-base" that matched
> Win.Trojan.Agent-793284 FOUND.
>
> Is there a way, or an online tutorial, or some other information to
> decompose the signature and the file easily to determine if it's a false

Re: [clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread Al Varnell
$ sigtool --find Win.Trojan.Agent-793284
[main.mdb] 28672:f380d36c6d636f50392e83fb58fb8a59:Win.Trojan.Agent-793284

Since it's in the main database, it's relatively old. It's looking for a file of size 28672 with the MD5 hash shown. If it had been a more complex signature, then sigtool --find

[clamav-users] How to determine false-v-real FOUND

2017-02-09 Thread Brad Scalio
Clamscan found a PE "visor.exe.svn-base" that matched Win.Trojan.Agent-793284 FOUND.

That said, ran it through virustotal.com with results here https://goo.gl/flJl6j
I know, pasting a shortened URL in an AV mailing list :-)

11 of 56 scanners detect a signature, however the file in question is on