On Mon, February 15, 2016 11:22 am, Mark Allan wrote:
> I'm still getting the email saying "your sample was empty", so I'm
> posting here too.
>
> The Ramnit series of sigs is hitting a bunch of files which have been
> resident on users' HDs and scanned as clean for many years. VT also
> reports ClamAV as the only vendor detecting an infection. To clear the
> infections, I'm having to add the following sig names in an ign2 file.
>
> Win.Trojan.Ramnit-7261
>
> Hashes of the samples I uploaded are:
> f3c174edcbaef7cb947d6357cdfde7ff:422912:m3jp2k32.dll

Just to confirm...

"Probably harmless! There are strong indicators suggesting that this file is safe to use."

https://www.virustotal.com/en/file/838208ca73fe8dcc116c8b5b76a21a61dd75182e1133b717079ee085d722c4c7/analysis/

> 881c86b65b44d8033575a402a2aa1ab1:454656:vsshdsd.dll

https://www.virustotal.com/en/file/9031534974a857e51626830e7580a8195331697a121ff34cb5db6cb0678de886/analysis/

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity