
Mailing List Archive: ClamAV: devel

NEF-file with Dos.Flip.Gen

 

 



henri at nerv

Feb 12, 2012, 1:20 AM

Post #1 of 3 (771 views)
NEF-file with Dos.Flip.Gen

I found a .NEF-file with vulnerability "Dos.Flip.Gen". What does that malware do? What is usually the best way to investigate virus names, which are used in ClamAV?

DSC_4113.NEF: TIFF image data, big-endian
main.cld:
Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb

I can send the sample if that helps.

- Henri Salo
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


chatsiri at chatsiri

Feb 12, 2012, 5:00 PM

Post #2 of 3 (711 views)
Re: NEF-file with Dos.Flip.Gen

----- Original message -----
> I found a .NEF-file with vulnerability "Dos.Flip.Gen". What does that
> malware do? What is usually the best way to investigate virus names,
> which are used in ClamAV?
>
> DSC_4113.NEF: TIFF image data, big-endian
> main.cld:
> Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb
>
How do you trace a signature that you doubt is a virus? It shows debug output in ClamAV debug mode, right?
> I can send the sample if that helps.
>
> - Henri Salo
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net



henri at nerv

Feb 13, 2012, 2:49 AM

Post #3 of 3 (717 views)
Re: NEF-file with Dos.Flip.Gen

On Mon, Feb 13, 2012 at 08:00:37AM +0700, Chatsiri Ratana wrote:
> ----- Original message -----
> > I found a .NEF-file with vulnerability "Dos.Flip.Gen". What does that
> > malware do? What is usually the best way to investigate virus names,
> > which are used in ClamAV?
> >
> > DSC_4113.NEF: TIFF image data, big-endian
> > main.cld:
> > Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb
> >
> How do you trace a signature that you doubt is a virus? It shows debug output in ClamAV debug mode, right?

In my normal scanning I found a file named DSC_4113.NEF with infection Dos.Flip.Gen, and I did grep main.cld for the string and tried to Google for more information. After I didn't find anything useful, I am asking here to get more information on how to verify that this sample is indeed malware and not a false positive.

At the moment I have NO idea what Dos.Flip.Gen means.

- Henri Salo
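
The following Python example is added here and is not part of the thread or of ClamAV's own code. It takes the Name=hex line quoted in the posts, treats each ?? as a one-byte wildcard, and reports the offsets at which the pattern matches in a buffer, which is the first thing to check when triaging a suspected false positive. The function names and the sample buffer are constructed for illustration.

```python
import re

# Signature line exactly as quoted in the thread (grepped from main.cld).
SIG_LINE = "Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb"


def compile_sig(sig_line):
    """Split 'Name=hex' and build a bytes regex from the hex body.

    Handles fixed bytes and the full-byte wildcard '??' only, which is
    all this signature uses. Returns (name, regex, fixed_byte_count).
    """
    name, sep, hexsig = sig_line.strip().partition("=")
    if not sep or len(hexsig) % 2:
        raise ValueError("expected Name=<even-length hex body>")
    parts, fixed = [], 0
    for i in range(0, len(hexsig), 2):
        tok = hexsig[i:i + 2]
        if tok == "??":
            parts.append(b".")  # any single byte
        else:
            # bytes.fromhex raises ValueError on unsupported wildcards
            parts.append(re.escape(bytes.fromhex(tok)))
            fixed += 1
    return name, re.compile(b"".join(parts), re.DOTALL), fixed


def find_matches(data, pattern):
    """Return [(offset, matched_bytes)], including overlapping matches."""
    hits, pos = [], 0
    while (m := pattern.search(data, pos)) is not None:
        hits.append((m.start(), m.group()))
        pos = m.start() + 1
    return hits


def build_sample():
    """Constructed test buffer (NOT the real DSC_4113.NEF): big-endian TIFF
    magic, filler, then 15 bytes chosen to satisfy the signature."""
    body = bytes.fromhex("0ebb112233445566b27781c18899eb")
    return b"MM\x00\x2a" + b"\x00" * 60 + body + b"\xff" * 16


if __name__ == "__main__":
    name, pattern, fixed = compile_sig(SIG_LINE)
    print(f"{name}: {fixed} fixed bytes in the pattern")
    for off, raw in find_matches(build_sample(), pattern):
        print(f"match at offset 0x{off:x}: {raw.hex()}")
```

To use it on a real file, pass the bytes from open(path, "rb").read() to find_matches and compare the reported offset with the file's structure in a hex viewer.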
