Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

Dennis Peterson Thu, 03 Jun 2010 06:24:53 -0700

On 6/3/10 5:57 AM, Steve Basford wrote:


You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the
sigs, no need to unpack.


Also works for:

sigtool -fSanesecurity.Phishing.Fake.13780 | sigtool --decode-sigs

Could a --database type option be added to sigtool, for loading databases
outside the normal DatabaseDirectory area from the clamd.conf file?

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


This is brute force but works:

grep -h Sanesecurity.Phishing.Fake.13780 * 2>/dev/null |sigtool --decode-sigs

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

Reply via email to