that correlates exactly to where it started happening 👍

It's a pretty cool case converter called AnyCase
https://www.virustotal.com/gui/file/2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9?nocache=1

"... but perhaps the above will allow you to track down what component of the program is being detected."

I thought about doing that, but I don't know where to start, it would be great to understand what is happening, and why
Where should I start?

On Sat, Jul 9, 2022 at 12:59 PM Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:

> Hi,
>
> Just FYI, that was added to the ClamAV daily.ldb signature database on Apr
> 9 of this year, which matches your FP reporting effort timeline.
>
> And the signature is:
>
> % sigtool -fWin.Dropper.Tinba-9943147-0|sigtool --decode-sigs
> VIRUS NAME: Win.Dropper.Tinba-9943147-0
> TDB: Engine:51-255,Target:1
> LOGICAL EXPRESSION: 0&1&2&3&4
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> !Win32 .EXE.
> * SUBSIG ID 1
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> .MPRESS1
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> .MPRESS2
> * SUBSIG ID 3
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> G(XPTPjxW
> * SUBSIG ID 4
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> .)D$H+
>
> You didn't mention the name of your program or where it can be found, so
> I'm unable to check further, but perhaps the above will allow you to track
> down what component of the program is being detected.
>
> I suspect someone from the ClamAV Signature Team will spot this shortly,
> but it is the start of a weekend, so may take a couple of days.
>
> -Al-
>
> On Jul 9, 2022, at 1:10 AM, Yaron Elharar via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Hi Everyone
>
> My program has recently started to be flagged
> with Win.Dropper.Tinba-9943147-0 by ClamAV at Virus Total
>
> File hash
> 2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
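
Added example, not part of the thread and not ClamAV code: one way to start on the "what component is being detected" question is to find where each of the five decoded subsignatures occurs in the file and which PE section holds it. The function names and the sample buffer are constructed for illustration, and the patterns are the printable text shown in the sigtool output, which is an assumption about the raw signature bytes.

```python
import struct

# Printable form of the five subsignatures from the sigtool output above.
# Assumption: the raw signature may hold non-printable bytes that the decoded
# display does not show, so a miss here does not prove ClamAV would not match.
SUBSIGS = [b"!Win32 .EXE.", b".MPRESS1", b".MPRESS2", b"G(XPTPjxW", b".)D$H+"]

def sections(data):
    """Parse the PE section table into [(name, raw_offset, raw_size), ...]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (Target:1 restricts the signature to PE)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _m, count, _t, _p, _n, opt_size, _c = struct.unpack_from("<HHIIIHH", data, pe + 4)
    table = pe + 24 + opt_size
    rows = (struct.unpack_from("<8s4I", data, table + 40 * i) for i in range(count))
    return [(n.rstrip(b"\0").decode("latin-1"), off, size) for n, _vs, _va, size, off in rows]

def locate(data):
    """Map each subsignature ID to [(file_offset, region), ...] (OFFSET: ANY)."""
    secs = sections(data)
    def region(off):
        for name, start, size in secs:
            if start <= off < start + size:
                return name
        return "outside sections"  # DOS stub, PE headers, section table, overlay
    hits = {}
    for sid, pat in enumerate(SUBSIGS):
        hits[sid], pos = [], data.find(pat)
        while pos != -1:
            hits[sid].append((pos, region(pos)))
            pos = data.find(pat, pos + 1)
    return hits

def matches(data):
    """LOGICAL EXPRESSION 0&1&2&3&4: every subsignature must hit at least once."""
    return all(locate(data).values())

def constructed_sample():
    """Constructed two-section buffer for the demo (not a real program)."""
    def sec(name, off):  # 40-byte section header: 0x200 raw bytes at file offset off
        return struct.pack("<8s4I", name, 0x200, 0, 0x200, off).ljust(40, b"\0")
    dos = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80) + b"!Win32 .EXE.").ljust(0x80, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    hdr = (dos + coff + sec(b".MPRESS1", 0x200) + sec(b".MPRESS2", 0x400)).ljust(0x200, b"\0")
    return hdr + b"G(XPTPjxW".ljust(0x200, b"\0") + b".)D$H+".ljust(0x200, b"\0")
```

Calling `locate()` on the bytes of your own build shows, per subsignature, whether the hit lies in the headers or inside a named section, which is the information to include in a false-positive report.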