> I guess this is a false positive? decodes to:
width=1 height=1 f*r*a*m*e*b*o*r*d*e*r=0></i*f*r*a*m*e> (remove *'s) I guess this might hit on If you are using 0.96 and want to whitelist it: 1. create a whitelist.ign2 file (for example) 2. insert the text: HTML.IFrame-39 3. restart clamd 4. Submit a sample and click the False Positive box: http://cgi.clamav.net/sendvirus.cgi Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml