> The clamav-unofficial-sigs.sh script has a nifty decoding tool for .ndb > signatures. Can someone give me a procedure for decoding .ldb > signatures? Dan, I'll look into adding this to the next script update. For now you can grep the .ldb file for the hex signature and paste it into -d flag like so: clamav-unofficial-sigs -d Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL' in the signature name nor add quote marks to any input string): 436f6e74656e742d547970653a206d756c7469706172742f6d697865643b*436f6e74656e742d547970653a20746578742f706c61696e3b20636861727365743d5554462d38{-3}436f6e74656e742d5472616e736665722d456e636f64696e673a2037626974{-150}436f6e74656e742d547970653a20696d6167652f6a70673b206e616d653d{-150}2f396a2f34414151536b5a4a52674142416741415a41426b4141442f374141525248566a61336b414151414541414141414141412f2b3441446b466b62324a6c414754414141414141662f62;582d4d61696c65723a Here is the decoded hexadecimal input string: Content-Type: multipart/mixed;*Content-Type: text/plain; charset=UTF-8{-3}Content-Transfer-Encoding: 7bit{-150}Content-Type: image/jpg; name={-150}/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAAAAA/+4ADkFkb2JlAGTAAAAAAf/b;X-Mailer: Bill