Hi Alain,

That is nice to know. I am still trying to learn what files are detected
across our systems.
/Users/smstiffler/Library/Application Support/zoom.us/zoom.us.app/Contents/Frameworks/annoter.bundle/Contents/MacOS/annoter
 Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

Could you let me know the name of the next update?
Any suggestions on how I can restore the files locally?

Thanks,
Doug

On Thu, Jan 9, 2020 at 12:41 PM Alain Zidouemba <azidoue...@sourcefire.com>
wrote:

> Confirming that those are false positives, thanks for reporting. The
> offending signature has been dropped. This should be reflected in the next
> signature update.
>
> - Alain
>
> On Thu, Jan 9, 2020 at 12:29 PM Douglas Stinnette <dstin...@vcu.edu>
> wrote:
>
>> This definition is detecting many files that appear to be safe.
>> Has anyone else seen this?
>> I have had no luck in getting ClamAV to address false positives in the
>> past.
>>
>> Files and paths I have seen so far but it seems to increase:
>> /Library/Application Support/Adobe/Adobe Desktop Common/ExchangePlugin/ExchangePluginDylib.dylib
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Publisher Lite.app/Contents/Frameworks/iMedia.framework/Versions/A/iMedia
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/TeX/TeXShop.app/Contents/MacOS/TeXShop
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Citrix Workspace.app/Contents/Resources/Templates/Citrix Viewer.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Citrix Workspace.app/Contents/Resources/Templates/DockApplication.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Library/Application Support/Citrix Receiver/Citrix Workspace Updater.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> usr/local/libexec/ReceiverHelper.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>>  Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>>
>> --
>>
>>
>> Douglas Stinnette
>>
>> VCU Technology Services
>>
>> Endpoint Security Specialist
>>
>> Virginia Commonwealth University
>>
>> 827-0933
>>
>>
>>
>> Don't be a phishing victim - VCU and other reputable organizations will
>> never use email to request that you reply with your password, Social
>> Security number or confidential personal information. For more details
>> visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>