Hello, On Mon, January 18, 2016 07:11, Al Varnell wrote: > We’ll have to wait for the ClamAV signature team to come to work in the AM > to get an official answer, but I’m curious on how you know that all of > these submissions to VirusTotal represent proven threats? In my > experience, many files uploaded to VT are totally harmless with no > scanners detecting them as infected.
maybe, but then it would be no bad idea to note this with "no threat, harmless" or similar > One possibility is that these entries were posted simply to let the > submitter know that a new signature was not required. maybe, but these should also be noted, as this is confusing; > Another possible explanation that I’ve seen in the past is that they were > already detected with a current signature, but normally the entry is > annotated with that information. correct, something like "Submission notes: Same as in Submission-ID 1172664244" _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml