On Tuesday 08 April 2014 21:36:21 Gene Heskett did opine:

> On Tuesday 08 April 2014 21:08:34 Al Varnell did opine:
> > A ClamXav user contacted me today that the software he developed,
> > packaged and posted as a .dmg image file had been falsely identified
> > as Osx.Trojan.Genieo. I believe he had already submitted it to you a
> > few days ago, but I took the time to verify and upload it again just
> > to be certain. The file name is CloudCompare-2.5.0.dmg with
> > MD5=b26d6ac32713795bcdb5f36bb52607a1.
> >
> > This is one of several .dmg files that have been found recently that
> > were falsely identified as an infection where the signature is based on
> > patterns found in an XML section of the .dmg. I believe this section
> > to be overhead information associated with the .dmg itself, unrelated
> > to the contents of the mounted image. In examining the XML I notice
> > that they are all very similar in both format and content,
> > prominently filled with the letter “A”. I believe all the signatures
> > to have been produced by the new automated system used with OSX
> > samples a couple of months ago. It’s probably too early to conclude
> > that the automated process is inadequate to handle .dmg files, but
> > suggest that it be looked at. Signature writing is not something I
> > can claim any experience with, just an observation on my part.
> >
> >
> > -Al-
>
> I believe this to be an FP, my daily run identified that as being part
> of both the 1.3.8 and 1.4.0 versions of rkhunter.tar.gz. Those 2
> archives have been sitting on my drive for yonks/years, but this
> morning is the first time it was triggered.
>
> Cheers, Gene

I was mistaken because the names were so similar, it was:

/home/gene/Download/rkhunter-1.4.0.tar.gz: Osx.Worm.Inqtana-3 FOUND

which was also reported for the tarball.gz of 1.3.8 in that same directory

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS