I see the LZH signature matching on this file, but then the embedded PE header signature also matches. And it seems to be prioritizing embedded PE file type detection over that of LZH file type detection, even though LZH was detected first.
I will have to investigate further to find the correct solution.
Describe the bug
Created a simple cdb signature to test exe blocking in LZH:
Seems to work fine with the LZHs I've tested, however, the attached LZH doesn't fire on the above rule.
The LZHs that work are -lh5- and the one that doesn't is -lh0-
purchase order TH.exe
I've zipped the LZH with password: infected
bad.zip
Hopefully I'm missing something obvious ;)
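For triaging samples like the ones discussed in this thread, the following is an added example (not part of the original issue and not ClamAV code) that walks LZH level-0 headers and reports each member's method. `-lh0-` is the stored (uncompressed) method, so a member's bytes, including a PE's `MZ` header, sit verbatim inside the archive, whereas `-lh5-` data is compressed. The helper names and the sample archive are constructed for illustration; level-1/2 headers and decompression are not handled.

```python
import struct

def build_member(name: bytes, method: bytes, payload: bytes, orig_size: int) -> bytes:
    """Build one level-0 LZH member (constructed sample data, not a real archive)."""
    body = (method + struct.pack("<II", len(payload), orig_size)
            + b"\x00" * 4 + b"\x20" + b"\x00"           # timestamp, attribute, level 0
            + bytes([len(name)]) + name + b"\x00\x00")  # file name, CRC-16 placeholder
    # Byte 0: header size counted from offset 2; byte 1: 8-bit sum of those bytes.
    return bytes([len(body), sum(body) & 0xFF]) + body + payload

def list_members(buf: bytes):
    """Return method, stored flag and MZ-prefix flag for every level-0 member."""
    members, pos = [], 0
    while pos < len(buf) and buf[pos] != 0:             # a zero size byte ends the archive
        hdr_size = buf[pos]
        hdr = buf[pos + 2 : pos + 2 + hdr_size]
        if hdr_size < 22 or len(hdr) != hdr_size or sum(hdr) & 0xFF != buf[pos + 1]:
            raise ValueError(f"bad LZH header at offset {pos}")
        if hdr[18] != 0:
            raise ValueError("only level-0 headers are handled in this example")
        method = hdr[0:5].decode("ascii", "replace")
        comp_size, orig_size = struct.unpack("<II", hdr[5:13])
        name = hdr[20 : 20 + hdr[19]].decode("ascii", "replace")
        start = pos + 2 + hdr_size                      # member data follows the header
        data = buf[start : start + comp_size]
        stored = method == "-lh0-"
        members.append({
            "name": name, "method": method, "stored": stored,
            # Only a stored member exposes the original file's first bytes as-is.
            "raw_pe_visible": stored and data[:2] == b"MZ",
        })
        pos = start + comp_size
    return members

# Constructed sample: one stored member starting with MZ, and one -lh5- member
# whose payload is opaque placeholder bytes standing in for compressed data.
SAMPLE = (build_member(b"stored.exe", b"-lh0-", b"MZ" + b"\x90" * 30, 32)
          + build_member(b"packed.exe", b"-lh5-", b"\x13\x37" * 8, 32)
          + b"\x00")

if __name__ == "__main__":
    for m in list_members(SAMPLE):
        print(m)
```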