Maarten Broekman

ClamAV is able to extract AutoIT scripts from PE executables. `clamscan --debug --verbose --leave-temps --tempdir . PEfile_with_autoit.exe` should create a directory structure in your current directory with a subdirectory containing...

+1 ... having the ability to specify parts of your cluster to run jobs on would great...

+1 ... I have jobs that run every other day for a month, once a year and right now the only way I can see to do that is to...

@dbl001 if that's the one on the MacOS nodejs binary, then yes... that sig was dropped (mentioned on Discord by Cisco)

Yep. It was only mentioned in Discord about 30 minutes ago so it's likely that the new daily hasn't been published with the drop.

Not sure about the Xls.Downloader... that's a fuzzy_img match.

ClamAV is removing the soft-break during normalization. The 'problem' is that it is then also converting everything to lowercase, so "DocuSign" is becoming "docusign", which doesn't match the first logical...

For reference, these are the files that get created by the different normalizations that occur while scanning that message: ``` ~/Security/20220304_130643-quoted-printable.eml.4cc5473e67/quoted-printable.eml.58567c8191$ for f in `find . -type f`; do echo...