And what about "You can also use sigtool --find-sigs to find the signature that it's reporting and isolate it"? Why does it need 5 emails for everything, piece by piece?

On 12.07.2017 at 15:50, Srinivasreddy R wrote:
Hi Maarten,
Thank you for the reply.

I have extracted the tar file and checked for the MD5 hash of the infected file in
the hash DB, but it's not present.


clamscan -i ./
./newdat3.log: Win.Exploit.Shellcode-2 FOUND
./malware.zip: Eicar-Test-Signature FOUND
./scan19.tar.gz: Win.Exploit.Shellcode-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6300275
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 6
Infected files: 3
Data scanned: 10.04 MB
Data read: 8.23 MB (ratio 1.22:1)
Time: 8.070 sec (0 m 8 s)


#md5sum ./newdat3.log
38e85119953076c904fd2105dfcb6cdb  ./newdat3.log

#grep -irn "38e85119953076c904fd2105dfcb6cdb" ./blacklist_md5
No output.

Am I missing something?
Thanks,
Srinivas



On Wed, Jul 12, 2017 at 6:30 PM, Maarten Broekman <
maarten.broek...@gmail.com> wrote:

Sorry for the double reply...

You can also use sigtool --find-sigs to find the signature that it's
reporting and isolate it.

On Wed, Jul 12, 2017 at 8:59 AM, Maarten Broekman <
maarten.broek...@gmail.com> wrote:

If the tarball doesn't match the MD5 hash then it's likely that a file
within the tarball matches the malicious MD5. ClamAV looks at all the
files within tarballs and zip files individually as well as the tarball
as a whole.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
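
Added example (not part of the thread and not ClamAV's code): a Python illustration of the point in Maarten's first reply, that a hash match can come from a file inside the tarball while the MD5 of the tarball itself is absent from the hash DB. It assumes hash DB lines in the `MD5:size:name` form; the archive contents, member names and signature name are constructed.

```python
import hashlib
import io
import tarfile

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def build_sample_tar(members):
    """Build a constructed .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def parse_hash_db(text):
    """Parse 'MD5:size:name' lines into {md5: (size or None, name)}."""
    db = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or line.lstrip().startswith("#"):
            continue
        size = None if fields[1] == "*" else int(fields[1])  # '*' = any size
        db[fields[0].lower()] = (size, fields[2])
    return db

def find_hash_hits(archive, db):
    """Look up the archive as a whole, then each regular file inside it."""
    candidates = [("<archive>", archive)]
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for info in tar:
            if info.isfile():
                candidates.append((info.name, tar.extractfile(info).read()))
    hits = []
    for label, data in candidates:
        size, name = db.get(md5_hex(data), (None, None))
        if name and size in (None, len(data)):
            hits.append((label, name))
    return hits

# Constructed sample data: harmless bytes and a made-up signature name.
SAMPLE_MEMBERS = {"notes.txt": b"benign text\n",
                  "inner/sample.bin": b"constructed flagged content\n"}
SAMPLE_TAR = build_sample_tar(SAMPLE_MEMBERS)
_flagged = SAMPLE_MEMBERS["inner/sample.bin"]
SAMPLE_DB = parse_hash_db(f"{md5_hex(_flagged)}:{len(_flagged)}:Example.Constructed.Sig\n")

if __name__ == "__main__":
    print("whole-archive MD5 in DB:", md5_hex(SAMPLE_TAR) in SAMPLE_DB)
    print("hits:", find_hash_hits(SAMPLE_TAR, SAMPLE_DB))
```

Memory is read from the archive without extracting anything to disk, so the lookup itself does not write archive members into the working directory.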
