Hi all, Recently, ClamAV sent us the following alert "Win.Tool.Hoax-9939325-0" on one of our executables. This software was developed by our teams and has not been modified since 2014. And suddenly, an alert is lifted... After some research in the ClamAV VirusDB announcements, I found that this signature was added on February 18, 2022 ( daily version 26457 ).
We investigated on our side and saw that the alert was lifted because of 5 subsignatures : * OnClientToHostWindowX * OnDownloadComplete( * OnFrameNavigateComplete4 * OnDownloadBegin4 * OnStatusBar These functions come from a Borland library. In our case, they are used consciously for functional needs. Does this signature "Win.Tool.Hoax-9939325-0" detect something really problematic that can compromise our system via our executable ? Is there a way to bypass the lifting of this signature, without completely ignoring it, if it ultimately proves useful against other files? Kind regards, Alexis
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
