McDonald, Dan wrote:
The clamav-unofficial-sigs.sh script has a nifty decoding tool for .ndb signatures. Can someone give me a procedure for decoding .ldb signatures? I've been seeing a lot of Sanesecurity.Spam.ldb.21.UNOFFICIAL and would like to know what it is:
http://pastebin.ws/f31y4zIn a nutshell... it's a new image spam variant, stopping with the brilliant logical signatures database type :)
Cheers, Steve Sanesecurity