I found a rejection based on vhxtdQ.sigs.InterServer.net.SHA256.21881 in my mail.log and wanted to check what the signature searches for.
So I took out ye olde sigtool - and failed: # /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881 | /usr/local/bin/sigtool --decode-sigs ERROR: decodesig: Invalid or not supported signature format TOKENS COUNT: 3 # /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881 [interserver256.hdb] 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21:17174:vhxtdQ.sigs.InterServer.net.SHA256.21881 The source of which is: https://rbldata.interserver.net/interserver256.hdb looking at that file I realised that these signatures ar merely SHA256 checksums, so there's not much to decode. But should sigtool --decode-sigs really throw an error in that case? I'm using the official deb packages from clamav.net: # dpkg -l |fgrep clam ii clamav 1.2.0-1 amd64 ClamAV open source email, web, and end-point anti-virus toolkit. -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https://www.charite.de _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
