On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote: > In keeping with the other false positive reports I have more than 400 > CentOS servers report below after yesterday's freshclam update:
Yes, nashorn.jar seems to get hit too... eg: fp2\11476331d01: Win.Trojan.Toa-5372078-0 fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0 fp2\3A627716d01: Win.Trojan.Toa-5372078-0 fp2\firefox-hot...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0 fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0 fp2\nashorn.jar: Win.Trojan.Toa-5370166-0 fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0 and the earlier reported FP's are still there: fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0 fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0 fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0 fp\l...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0 fp\omni.ja: Win.Trojan.Toa-5370166-0 fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0 fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0 etc. IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing done in full after holidays. As the issues go on... https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061 https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0 -- Cheers, Steve Twitter: @sanesecurity _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml