Re: [clamav-users] Keymarble Yara rule?

On Sat 11/Aug/2018 23:11:07 +0200 Al Varnell wrote: > Here's the VirusTotal page on this file > > and it does show that ClamAV detects it as Win.Trojan.Agent-6641267-0 > which was just

Re: [clamav-users] Keymarble Yara rule?

I don't quite understand why you think it might not detect it. Text strings are not required to have an even number of digits. The hex equivalent to that string would be: {62 63 39 62 37 35 61 33 31 31 37 37 35 38 37 32 34 35 33 30 35 63 64 34 31 38 62 38 64 66 37 38 36 35 32 64 31 63 30 33

Re: [clamav-users] Keymarble Yara rule?

On Sat 11/Aug/2018 19:43:34 +0200 G.w. Haywood wrote: > Hi there, > > On Sat, 11 Aug 2018, Alessandro Vesely wrote: > > Re: Keymarble Yara rule? >>   4d 5a 74 68 69 73 20 69  73 20 61 20 64 75 6d 6d  |MZthis is a >> dumm| >> 0010  79 20 6b 65 79 6d 61 72  62 6c 65 20 66 69 6c 65 

Re: [clamav-users] Keymarble Yara rule?

Le 12/08/2018 à 13:59, Alessandro Vesely a écrit : On Sat 11/Aug/2018 19:43:34 +0200 G.w. Haywood wrote: Hi there, On Sat, 11 Aug 2018, Alessandro Vesely wrote: Re: Keymarble Yara rule?   4d 5a 74 68 69 73 20 69  73 20 61 20 64 75 6d 6d  |MZthis is a dumm| 0010  79 20 6b 65 79

[clamav-users] nautilus-actions: is my command for clamscan, correct?

Hi Scott. thanks for your suggestion. The thing is: I really don´t want to use clamtk for the purpose. And the nautilus-actions context-menu entry  for "parameter"   -fa 'Monospace' -fs 12 -hold -e clamscan %f works really well for files. What I wanted to know is whether to  alter that entry