Mailing List Archive

More info about detected virus
Hi,

Where can I find more information about a ClamAV-detected virus like Win.Trojan.N-68
or another name?

Googling gives me no additional information about the virus.

Thanks,

Zvi
Re: [ext] More info about detected virus
* Zvi Kave via clamav-users <clamav-users@lists.clamav.net>:
> Hi,
>
> Where can I find more information about ClamAV detected virus like
> Win.Trojan.N-68
>
> or another name ?

You can decode the signature using this command:

# sigtool -fWin.Trojan.N-68 | sigtool --decode-sigs

Basically it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:

VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
name="readme.exe"
Content-Transfer-Encoding: base64

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
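
As an added illustration (not code from the thread or from the ClamAV project), this sketch decodes a body-based `.ndb` line of the form `Name:TargetType:Offset:HexSignature` by hand, which is the kind of view the `--decode-sigs` step in the reply above gives. The `SAMPLE` line and its name are constructed from the strings quoted in that reply and are not the real database entry; the `[[...]]` markers for wildcards are this example's own notation.

```python
import re

# Target-type numbers from the ClamAV extended (.ndb) signature format.
TARGET_TYPES = {0: "ANY FILE", 1: "PE", 2: "OLE2", 3: "HTML", 4: "MAIL",
                5: "GRAPHICS", 6: "ELF", 7: "ASCII TEXT", 9: "MACH-O",
                10: "PDF", 11: "FLASH", 12: "JAVA CLASS"}

# Tokens of a hex body: "*" or "{n-m}" gaps, alternation punctuation,
# and byte pairs in which "?" stands for a wildcard nibble.
TOKEN = re.compile(r"\*|\{(?:\d+-\d+|\d+-|-\d+|\d+)\}|[()|]|[0-9a-fA-F?]{2}")


def decode_hex_sig(hexsig):
    """Render a hex signature body as text, leaving wildcards visible."""
    out, pos = [], 0
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if m is None:
            raise ValueError(f"unsupported token at position {pos}")
        tok, pos = m.group(0), m.end()
        if len(tok) == 2 and "?" not in tok:      # a literal byte
            byte = int(tok, 16)
            printable = 0x20 <= byte < 0x7F or chr(byte) in "\n\t"
            out.append(chr(byte) if printable else f"\\x{byte:02x}")
        else:                                      # wildcard or alternation
            out.append(f"[[{tok}]]")
    return "".join(out)


def parse_ndb(line):
    """Split Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]] into fields."""
    # Drop an optional "[database]" prefix, if the line carries one.
    fields = re.sub(r"^\[[^\]]*\]\s*", "", line.strip()).split(":")
    if len(fields) < 4:
        raise ValueError("not an .ndb signature line")
    name, target, offset, hexsig = fields[:4]
    return {"name": name,
            "target": TARGET_TYPES.get(int(target), f"UNKNOWN ({target})"),
            "offset": offset,
            "decoded": decode_hex_sig(hexsig)}


# Constructed sample, NOT a real database entry: placeholder name, body built
# here from the strings quoted in the reply, with one gap wildcard added.
SAMPLE = ("Constructed.Example-1:0:*:"
          + b"Content-Type: audio/x-wav;".hex() + "{1-4}"
          + b'name="readme.exe"\nContent-Transfer-Encoding: base64'.hex())

if __name__ == "__main__":
    for key, value in parse_ndb(SAMPLE).items():
        print(f"{key.upper()}: {value}")
```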
Re: [ext] More info about detected virus
Thank you Ralf.


On 6/8/2022 6:25 PM, Ralf Hildebrandt via clamav-users wrote:
> * Zvi Kave via clamav-users <clamav-users@lists.clamav.net>:
> > Hi,
> >
> > Where can I find more information about ClamAV detected virus like
> > Win.Trojan.N-68
> >
> > or another name ?
>
> You can decode the signature using this command:
>
> # sigtool -fWin.Trojan.N-68 | sigtool --decode-sigs
>
> Basically it finds an email containing a BASE64 encoded "readme.exe"
> using the content type "audio/x-wav"... Maybe this helps:
>
> VIRUS NAME: Win.Trojan.N-68
> TARGET TYPE: ANY FILE
> OFFSET: *
> DECODED SIGNATURE:
> REMOVED A MIME BOUNDARY HERE
> Content-Type: audio/x-wav;
> name="readme.exe"
> Content-Transfer-Encoding: base64
>
> --
> Ralf Hildebrandt
> Charité - Universitätsmedizin Berlin
> Geschäftsbereich IT | Abteilung Netzwerk
>
> Campus Benjamin Franklin (CBF)
> Haus I | 1. OG | Raum 105
> Hindenburgdamm 30 | D-12203 Berlin
>
> Tel. +49 30 450 570 155
> ralf.hildebrandt@charite.de
> https://www.charite.de