I found a rejection based on vhxtdQ.sigs.InterServer.net.SHA256.21881
in my mail.log and wanted to check what the signature searches for.
So I took out ye olde sigtool - and failed:
# /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881 | /usr/local/bin/sigtool --decode-sigs
ERROR: decodesig: Invalid or not supported signature format
TOKENS COUNT: 3
# /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881
[interserver256.hdb] 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21:17174:vhxtdQ.sigs.InterServer.net.SHA256.21881
The source of which is:
https://rbldata.interserver.net/interserver256.hdb
looking at that file I realised that these signatures ar merely SHA256
checksums, so there's not much to decode. But should sigtool --decode-sigs
really throw an error in that case?
I'm using the official deb packages from clamav.net:
# dpkg -l |fgrep clam
ii clamav 1.2.0-1 amd64 ClamAV open source email, web, and end-point anti-virus toolkit.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
in my mail.log and wanted to check what the signature searches for.
So I took out ye olde sigtool - and failed:
# /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881 | /usr/local/bin/sigtool --decode-sigs
ERROR: decodesig: Invalid or not supported signature format
TOKENS COUNT: 3
# /usr/local/bin/sigtool --find-sigs vhxtdQ.sigs.InterServer.net.SHA256.21881
[interserver256.hdb] 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21:17174:vhxtdQ.sigs.InterServer.net.SHA256.21881
The source of which is:
https://rbldata.interserver.net/interserver256.hdb
looking at that file I realised that these signatures ar merely SHA256
checksums, so there's not much to decode. But should sigtool --decode-sigs
really throw an error in that case?
I'm using the official deb packages from clamav.net:
# dpkg -l |fgrep clam
ii clamav 1.2.0-1 amd64 ClamAV open source email, web, and end-point anti-virus toolkit.
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat