Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-10 Thread Arnaud Jacques
Hello,
On Thursday 03 June 2010 13:05:39, Jiri Reischig wrote:
> Hi all,
>
> is it possible to find anywhere information about what "PUA.HTML.Infected.WebPage"
> exactly means if it's detected in the file?
>
> It looks like it detects files with the iframe html tag.
> When yes it can detect a

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-04 Thread Steve Basford
> Yep, please open a ticket in our bugzilla
Entry added: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2063
BTW, might be an idea to add "Sigtool" to the component options page on Bugzilla.
Cheers,
Steve
Sanesecurity
___ Help us build a comprehe

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-04 Thread Tomasz Kojm
On Thu, 3 Jun 2010 13:57:02 +0100 Steve Basford wrote:
> Could a --database type option be added to sigtool, for loading databases
> outside the normal DatabaseDirectory area from the clamd.conf file?
Yep, please open a ticket in our bugzilla
-- oo. Tomasz Kojm (\/)\.

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Jiri Reischig
Thank you all. The command sigtool is very useful for me.
--
Jiri Reischig
Econnect Internet provider for NGO
Puskinovo nam. 5, 160 00 Praha 6, Czech Republic
Tel: +420 224 311 780
Fax: +420 224 317 892
Web: http://www.ecn.cz
On Thu 3 June 2010, Steve Basford wrote:
> > You can use 'sigt

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Dennis Peterson
On 6/3/10 6:24 AM, Dennis Peterson wrote:
This is brute force but works:
grep -h Sanesecurity.Phishing.Fake.13780 * 2>/dev/null |sigtool --decode-sigs
dp
It's brute force but apparently so too is the sigtool method. Grep is faster.
dp

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Dennis Peterson
On 6/3/10 5:57 AM, Steve Basford wrote:
You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the sigs, no need to unpack.
Also works for:
sigtool -fSanesecurity.Phishing.Fake.13780 | sigtool --decode-sigs
Could a --database type option be added to sigtool, for loading database

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Steve Basford
> > You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the
> sigs, no need to unpack.
Also works for:
sigtool -fSanesecurity.Phishing.Fake.13780 | sigtool --decode-sigs
Could a --database type option be added to sigtool, for loading databases outside the normal DatabaseDirectory

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Steve Basford
> You can use 'sigtool -fPUA.HTML.Infected.WebPage' to find and print the
> sigs, no need to unpack.
Nice... thanks Edwin:
sigtool -fPUA.HTML.Infected.WebPage | sigtool --decode-sigs
:)
Cheers,
Steve
Sanesecurity

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Török Edwin
On 06/03/2010 03:42 PM, Steve Basford wrote:
> Ooops... forgot the sigtool un-pack bit (note: daily file only)
>
> sigtool --unpack-current=daily
> grep "PUA.HTML.Infected.WebPage" daily.* -h > sig.tmp
> sigtool --decode-sigs < sig.tmp > decodedsig.tmp
> cat decodedsig.tmp
You can use 'si

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Steve Basford
Ooops... forgot the sigtool un-pack bit (note: daily file only)
sigtool --unpack-current=daily
grep "PUA.HTML.Infected.WebPage" daily.* -h > sig.tmp
sigtool --decode-sigs < sig.tmp > decodedsig.tmp
cat decodedsig.tmp
Cheers,
Steve
Sanesecurity

Re: [Clamav-users] PUA.HTML.Infected.WebPage-1

2010-06-03 Thread Steve Basford
> Hi all,
>
> is it possible to find anywhere information about what "PUA.HTML.Infected.WebPage"
> exactly means if it's detected in the file?
>
> It looks like it detects files with the iframe html tag.
> When yes it can detect a lot of files which are OK and do not include any
> "bad" application or malw