> > Confirmed FP I would say:
> >
> > https://virustotal.com/en/file/2f7eaacf490839d9c603736149286272aea4df46c0daf58f0c70062041c68230/analysis/
> >
Agreed, above being the sha256sum of 2240 null bytes. The hit on the null bytes could of course be masking actual malware in the same container the file of nulls came from. Presumably ClamAV is missing a signature for the original malware that prompted the broken signature. So my PDF might still contain malware, and whitelisting the sig, while logical, might lead to an unfortunate result for anyone then receiving and opening the same PDF.

--
David Shrimpton