clamav-devel February 2012 archive
Main Archive Page > Month Archives  > clamav-devel archives
clamav-devel: Re: [Clamav-devel] NEF-file with Dos.Flip.Gen

Re: [Clamav-devel] NEF-file with Dos.Flip.Gen

From: Henri Salo <henri_at_nospam>
Date: Mon Feb 13 2012 - 10:49:17 GMT
To: ClamAV Development <>

On Mon, Feb 13, 2012 at 08:00:37AM +0700, Chatsiri Ratana wrote:
> ----- Original message -----
> > I found a .NEF-file with vulnerability "Dos.Flip.Gen". What does that
> > malware do? What is usually the best way to investigate virus names,
> > which are used in ClamAV?
> >
> > DSC_4113.NEF: TIFF image data, big-endian
> > main.cld:
> > Dos.Flip.Gen (Clam)=0ebb????????????b2??81c1????eb
> >
> How do you trace signature that you doubt it's virus? It's show debug on clamav debug mode,right?

In my normal scanning I found a file named DSC_4113.NEF with infection Dos.Flip.Gen and I did grep main.cld for the string and tried to Google for more information. After I didn't find anything useful I am asking here to get more information how to vefiry this sample is indeed malware and not a false-positive.

At the moment I have NO idea what Dos.Flip.Gen means.

- Henri Salo
Please submit your patches to our Bugzilla: