It helps the signature team locate those submitted files faster if you post their hash values here.
-Al- On Tue, Jul 31, 2018 at 01:53 AM, Albrecht, Peter wrote: > Hello, > > Since Saturday (2018-07-28) we are seeing many reports from clamscan having > found (possibly) infected files. I suspect these are false positives because > checking > the files on virustotal.com <http://virustotal.com/> returns only clamav > reporting them as infected. > > The reported files are mostly jar files used by our applications (e.g. > httpclient-*.jar, > httpcore-*.jar in different versions). These are the signatures which produce > most > of the reports: > > Html.Malware.Agent-6625161-0 > Html.Malware.Agent-6625163-0 > Html.Malware.Agent-6625207-0 > Html.Malware.Agent-6625208-0 > Html.Malware.Agent-6625209-0 > Html.Malware.Agent-6625345-0 > > Currently, we have whitelisted the above signatures. I suspect that it is an > error > in the database because that's the only thing that has changed since Friday. > We > are using clamav 0.99.4 and 0.100.0 on Linux with a daily update of the virus > signatures. > > I have uploaded the file which generated the most reports yesterday to > clamav.net <http://clamav.net/> > and requested doublechecking if that would be a false positive. > > Does anybody else see such a behaviour? Any ideas of what might be the reason? > Any suggestions what to do? Whitelisting all reported signatures would not be > our > preferred solution ... > > Thanks a lot, > > Peter Albrecht > Senior Linux Administrator > > Wirecard Service Technologies GmbH > Einsteinring 35 | 85609 Aschheim | Germany > Tel: +49 (0) 89 4424-191076 > https://www.wirecard.com <https://www.wirecard.com/> > ________________________________________________________________________________________________________ > > Amtsgericht München HRB Nummer 238 150 > > Geschäftsführer: Thomas Neef, Susanne Steidl, Yiannakis Ioannou > > VERTRAULICHE INFORMATIONEN! Diese E-Mail enthält vertrauliche Informationen > und ist nur für den berechtigten Empfänger > bestimmt. Wenn diese E-Mail nicht für Sie bestimmt ist, bitten wir Sie, diese > E-Mail an uns zurückzusenden und anschließend > auf Ihrem Computer und Mail-Server zu löschen. Solche E-Mails und Anlagen > dürfen Sie weder nutzen, noch verarbeiten oder > Dritten zugänglich machen, gleich in welcher Form. Wir danken für Ihre > Kooperation! > > CONFIDENTIAL! This email contains confidential information and is intended > for the authorized recipient only. If you are > not an authorised recipient please return the email to us and then delete it > from your computer and mail-server. You may neither > use nor edit any such emails including attachments, nor make them accessible > to third parties in any manner whatsoever. > Thank you for your cooperation. > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users> > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > <https://github.com/vrtadmin/clamav-faq> > > http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml> -Al- -- Al Varnell Mountain View, CA
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml