* Jonathan Lee via clamav-users <clamav-users@lists.clamav.net>: > instream(local): vhxtdQ.sigs.InterServer.net.SHA256.21881.UNOFFICIAL FOUND
# sigtool --find-sig=vhxtdQ.sigs.InterServer.net.SHA256.21881 [interserver256.hdb] 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21:17174:vhxtdQ.sigs.InterServer.net.SHA256.21881 in this case, "vhxtdQ.sigs.InterServer.net.SHA256.21881" is a signature, based on a SHA256 checksum of a file. > instream(local): > sigs.InterServer.net.HEX.Topline.194.150.117.29.371.UNOFFICIAL FOUND # sigtool --find-sig=sigs.InterServer.net.HEX.Topline.194.150.117.29.371 [interservertopline.db] sigs.InterServer.net.HEX.Topline.194.150.117.29.371=32615f6269727375686964772e706870 this can be decoded: # sigtool --find-sig=sigs.InterServer.net.HEX.Topline.194.150.117.29.371 | sigtool --decode-sigs VIRUS NAME: sigs.InterServer.net.HEX.Topline.194.150.117.29.371 DECODED SIGNATURE: 2a_birsuhidw.php -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https://www.charite.de _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
