[sleuthkit-users] Fiwalk clam scripts miss boot sector virus
From: Christie P. <cpe...@jh...> - 2014-08-18 19:35:15
I have some floppy disks known to be infected with the boot sector virus AntiCMOS.B, but when I run ficlam.sh/clamconfig.txt (https://github.com/sleuthkit/sleuthkit/tree/master/tools/fiwalk/plugins) against images of these disks, it returns nothing found. I'm wondering if this is because of how fiwalk "walks" disk images - would a malware scan using fiwalk to access the contents of a disk image ever find something in the boot sector?

I'd appreciate any explanation that you could provide.

Thanks in advance,
Christie Peterson