Hello,
Am 22.03.2017 um 14:01 schrieb Steve Basford:
On Wed, March 22, 2017 12:52 pm, Hajo Locke wrote:
Hello,
have an issue here with this signature. Html.Phishing.Auction-214 is found
VIRUS NAME: Html.Phishing.Auction-214
Here you go...
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
sein, weil sie ei[][][]nen fehler gemacht haben, als sie ihre details
eingetragen habe
n, oder dass das konto {WILDCARD_ANY_STRING(LENGTH>=1&&<=7)}berhaupt nicht
aktua
lisiert wurde
remove [][][]
thank you steve. i could find the lines and removed them. How could you
decode this signature?
especially interesting is that virus was found in complete sql-file but
not in splitted subfiles. May be target type is ignored at filesize x?
complete sql file is 4.6mb
Thanks,
Hajo
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
