The signature is based on a 2240 byte file, so it is probably something 
embedded in the PDF.

In any case, it needs to be uploaded to <http://www.clamav.net/reports/fp>. Is 
the MD5 of the entire PDF 013167adb9fbc93923f9c0789599ec95, because Steve and I 
aren’t finding anything on VT with any detections with that MD5?

-Al-

On Tue, Sep 27, 2016 at 12:39 AM, David Shrimpton wrote:
> 
> Hi, 
> 
> Win.Trojan.Agent-1696554 added to daily.hdb on 21/9/16 is an
> md5sum of a file containing 2240 null bytes only, so appears
> to be a broken signature. 
> 
> It is causing false positives.
> 
> The example I have was a FP on a 944010 byte pdf which comes up
> negative on virustotal except for clamav.

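Added example (not part of the original thread, and not ClamAV project code): a check that flags .hdb entries whose MD5 is simply the hash of an all-null file of the declared size, which is the defect described above. It assumes the `MD5:size:name` line layout for .hdb files; the sample lines are constructed from the thread's description, not copied from daily.hdb.

```python
import hashlib

MAX_SIZE = 16 * 1024 * 1024  # do not allocate buffers for implausibly large sizes


def null_md5(size):
    """MD5 of a file consisting of `size` 0x00 bytes."""
    return hashlib.md5(b"\x00" * size).hexdigest()


def find_null_file_sigs(hdb_lines):
    """Return (name, size) for entries whose hash matches an all-null file."""
    hits = []
    cache = {}  # size -> MD5 of that many null bytes
    for raw in hdb_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # malformed entry
        digest, size_field, name = fields[0].lower(), fields[1], fields[2]
        if len(digest) != 32 or not size_field.isdigit():
            continue  # not an MD5 entry, or size is a wildcard
        size = int(size_field)
        if size > MAX_SIZE:
            continue
        if size not in cache:
            cache[size] = null_md5(size)
        if digest == cache[size]:
            hits.append((name, size))
    return hits


# Constructed sample input. The first line rebuilds the entry the thread
# describes (MD5 of 2240 null bytes); the others are made-up controls.
SAMPLE_HDB = [
    "# constructed sample, not real daily.hdb content",
    f"{null_md5(2240)}:2240:Win.Trojan.Agent-1696554",
    f"{hashlib.md5(b'constructed sample').hexdigest()}:18:Constructed.Sample-1",
    f"{null_md5(512)}:*:Constructed.Wildcard-2",
]

if __name__ == "__main__":
    for name, size in find_null_file_sigs(SAMPLE_HDB):
        print(f"{name}: hash of {size} null bytes, likely broken signature")
```

Any entry this reports will match every extracted object of that size that happens to be zero-filled, which would explain a hit on a stream embedded in an otherwise clean PDF.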