* Zvi Kave via clamav-users <clamav-users@lists.clamav.net>:
> Hi,
>
> Where can I find more information about ClamAV detected virus like
> Win.Trojan.N-68
>
> or another name ?
You can decode the signature using this command:
# sigtool -fWin.Trojan.N-68 | sigtool --decode-sigs
Basically it finds an email containing a BASE64 encoded "readme.exe"
using the content type "audio/x-wav"... Maybe this helps:
VIRUS NAME: Win.Trojan.N-68
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
REMOVED A MIME BOUNDARY HERE
Content-Type: audio/x-wav;
name="readme.exe"
Content-Transfer-Encoding: base64
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de _______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat