Attachments are not allowed here. Be sure you submit it to the False Positive Report site and post the hash value back here.
Sent from Janet's iPad -Al- On Feb 23, 2016, at 5:55 AM, Tsutomu Oyamada wrote: > There are still positives "Zip.Suspect.MacroDoubleExtension-zippwd". > (see attached file) > To resolve this false positive when it does? > > On Wed, 17 Feb 2016 20:16:02 -0800 Dennis Peterson wrote: >> My experience with these kind of failures is that the pattern is not >> properly anchored or the writer doesn't understand greedy grep patterns or >> both. Fallout from the new pcregrep, perhaps? I've not analyzed it so am >> speculating here, but lessons learned after decades of doing this is of >> regex results amaze you then you have probably screwed up somewhere when >> writing the pattern. Or as one of my staff liked to say, something we're >> sure of is wrong. >> >> dp >> >> On 2/16/16 7:02 PM, Al Varnell wrote: >>> Resubmited. >>> >>> 87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a:319649:pg3726-images.epub >>> >>> -Al- >>> >>> On Feb 14, 2016, at 4:34 PM, Al Varnell wrote: >>>> I attempted to submit the sample I have to >>>> http://www.clamav.net/reports/fp and it was similarly rejected as "empty." >>>> Scanned the file on my computer after updating definitions still shows it >>>> as infected. Uploading it to VirusTotal results in only a ClamAV >>>> detection: >>>> <https://www.virustotal.com/en/file/87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a/analysis/1455495993/>. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml