
Sophos AV claims to have found a virus. Where can I see details of what this virus (Mal/ResDro-B) is supposed to do?

I have managed to discover the "Sophos Anti-Virus for Linux configuration guide".

This has told me how to check if SAV is running (in the appendix!)

SAV is currently scanning my home directory and has discovered 'Mal/ResDro-B' (in a Wine app).

Rather than simply delete it (or whatever), I would first like to know what this particular virus will/does do.

Giving it a specific name suggests to me that there is a list somewhere with descriptions of where/how/when/how many/etc... WRT this virus and all of the others that SAV is programmed to discover.

Where is this list? And/or how do I get detailed info about specific threats?

Thanks.



  • Hello HenryH,

    "there is a list"
    maybe :) - you're not really searching for a list with literally hundreds of thousands of items

    "a specific name"
    is all the same just a moniker. The prefix denotes a certain "class" - the meaning of JS, VBS, W32, ELF, OSX, Andr, and Linux is more or less obvious, the Mal and Troj distinction perhaps not. The part from slash to dash is the actual name (for a "family"), if there's a scheme it's not obvious though. Sometimes it describes a significant attribute or functionality triggering the detection, sometimes it's a catchy name, whatever. The suffixes, starting with -A, are assigned to distinct (whatever the exact distinction is) samples of a family.

    "what this particular virus will/does do"
    the term virus is generally not apt. Similarly, the notion that a comprehensive description of what [the virus] will/does do is not only possible but also useful is generally wrong. For many (if not most) detections the final outcome can't be predicted. A downloader for example could download almost anything.

    Thanks for reading that far :). For many though not all detections there's an analysis. If there is, you can find it via the Threat Analysis page. For Mal/ResDro-B you'll find that it's a generic detection and the identical Protection available since and Last Updated timestamps indicate it hasn't been amended. That there's only an -A sibling suggests that specific detections for subsequently submitted samples are assigned to their own families.

    Probably not much help ...

    Christian
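As an added illustration of the prefix/Family-Variant naming scheme described in Christian's reply (my own example, not Sophos code or part of the thread): a small parser that splits a SAV detection name into its class prefix, family and variant suffix, turns the suffix into an ordinal on the assumption that suffixes continue -B ... -Z, -AA, -AB, and counts scan hits per family for triage. The prefix glosses are my assumption about what each class conventionally denotes, not Sophos documentation.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Prefixes named in the reply above. The glosses are an assumption about what each
# class conventionally denotes; they are not taken from Sophos documentation.
PREFIX_MEANING = {
    "Mal": "generic malicious detection", "Troj": "trojan",
    "W32": "Windows executable", "JS": "JavaScript", "VBS": "VBScript",
    "ELF": "Linux/Unix ELF binary", "OSX": "macOS", "Andr": "Android", "Linux": "Linux",
}

# prefix / Family - Variant, e.g. Mal/ResDro-B
NAME_RE = re.compile(r"^(?P<prefix>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9]+)-(?P<variant>[A-Z]+)$")


@dataclass(frozen=True)
class DetectionName:
    prefix: str
    family: str
    variant: str

    @property
    def variant_index(self) -> int:
        """Ordinal of the suffix: -A is 1, -B is 2, -Z is 26, -AA is 27 (assumed bijective base 26)."""
        n = 0
        for ch in self.variant:
            n = n * 26 + (ord(ch) - ord("A") + 1)
        return n

    @property
    def prefix_meaning(self) -> str:
        return PREFIX_MEANING.get(self.prefix, "unknown class prefix")


def parse_detection_name(name: str) -> DetectionName:
    """Split a SAV detection name; raise ValueError for strings that do not follow the scheme."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a prefix/Family-Variant detection name: {name!r}")
    return DetectionName(m["prefix"], m["family"], m["variant"])


def summarise_by_family(names):
    """Count detections per prefix/family so a scan log can be triaged family by family."""
    return Counter(f"{d.prefix}/{d.family}" for d in map(parse_detection_name, names))


# Constructed sample scan hits (not from the poster's log)
print(summarise_by_family(["Mal/ResDro-B", "Mal/ResDro-A", "Troj/Agent-AA"]))
```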