henri at nerv
Feb 13, 2012, 2:49 AM
Post #3 of 3
On Mon, Feb 13, 2012 at 08:00:37AM +0700, Chatsiri Ratana wrote:
> ----- Original message -----
> > I found a .NEF-file with vulnerability "Dos.Flip.Gen". What does that
> > malware do? What is usually the best way to investigate virus names,
> > which are used in ClamAV?
> > DSC_4113.NEF: TIFF image data, big-endian
> > main.cld:
> > Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb
> How do you trace signature that you doubt it's virus? It's show debug on clamav debug mode,right?
In my normal scanning I found a file named DSC_4113.NEF with infection Dos.Flip.Gen and I did grep main.cld for the string and tried to Google for more information. After I didn't find anything useful I am asking here to get more information how to vefiry this sample is indeed malware and not a false-positive.
At the moment I have NO idea what Dos.Flip.Gen means.
- Henri Salo
Please submit your patches to our Bugzilla: http://bugs.clamav.net