Hello I am trying to understand why Splunk Cloud (which uses ClamAV) is giving a false positive result on an app I am developing, specifically “Vbs.Trojan.AsyncRAT-9889434-1”.
I’ve used “sigtool --find="Vbs.Trojan.AsyncRAT-9889434-1" to see its signature which I understand comprises some subsignatures, but I’ve not been able to find out details of what triggers this detection. By any chance is ClamAV using this yara rule https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Asyncrat.yar ? Thanks in advance for any answers or pointers. Disclaimer The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast, a leader in email security and cyber resilience. Mimecast integrates email defenses with brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast helps protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. To find out more, visit our website.
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat