Discussion:
[clamav-users] Report descriptions
Giorgi Kakhabrishvili
2018-11-21 11:20:58 UTC
Permalink
Dear Sir/Madam

Can you tall me where can I find descriptions of ClamAV report? I mean if
for example I'll get report that file is infected and it's
"Win.Trojan.MSShellcode-7", what does it mean? what kind of malicious
behavior it have? Is there any catalog or something like that, where I'll
be able to check it out?

Best regards
Giorgi Kakhabrishvili
Al Varnell
2018-11-21 12:03:37 UTC
Permalink
Unfortunately, ClamAV does not normally make that information public and the possible record of it's meaning would be in the signature writer's notes.

About the only thing you can do is do a Google search on the infection name in quotes followed by site:virustotal.com <http://virustotal.com/>.

For the one you cited there is <https://www.virustotal.com/en/file/04c450d67d4324ed245ce9e73c95bdcfad2bb64bab1887e1a22c37f372dc9260/analysis/1498573971/ <https://www.virustotal.com/en/file/04c450d67d4324ed245ce9e73c95bdcfad2bb64bab1887e1a22c37f372dc9260/analysis/1498573971/>> for instance. Then you can check some of the other scanners for what they call that infection for more details.

-Al-
ClamXAV User
Post by Giorgi Kakhabrishvili
Dear Sir/Madam
Can you tall me where can I find descriptions of ClamAV report? I mean if for example I'll get report that file is infected and it's "Win.Trojan.MSShellcode-7", what does it mean? what kind of malicious behavior it have? Is there any catalog or something like that, where I'll be able to check it out?
Best regards
Giorgi Kakhabrishvili
Loading...