[clamav-users] Fwd: Successfully processed

2016-02-14 Thread Gerald Venzl
Hi all, Since yesterday I have been trying to submit a JavaScript malware sample but I always get that the sample is empty, see below. Does that mean that the file upload wasn't successful (which the webpage clearly indicates it was, otherwise I wouldn't be able to submit) or does that mean that it didn't

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-14 Thread Al Varnell
I attempted to submit the sample I have to http://www.clamav.net/reports/fp and it was similarly rejected as "empty." Scanning the file on my computer after updating definitions still shows it as infected. Uploading it to VirusTotal results in only a ClamAV detection:

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-14 Thread nerslbmail
I understand it can be whitelisted, but I posted to the list in hope that the person who introduced the problem to the file daily.cd on 2/12/2016 will read the thread and roll back the changes. Thanks! On Sunday, February 14, 2016 11:48 AM, Steve basford

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-14 Thread Al Varnell
I’ve had one ClamXav user complain on Friday that all the .epub and kindle downloads from http://www.gutenberg.org/ebooks/3726 were infected. When decompressed it reveals several files with ".txt.html" extensions. We've seen problems with such all-encompassing signatures in the past so I suspect

[clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-14 Thread nerslbmail
Hi, false positives started coming after update to (daily.cvd version: 21360). My submissions for false-positive reports on clamav.net keep reporting "The sample is empty." How to reproduce: mkdir /tmp/test_dir touch /tmp/test_dir/txt_csv.jar.0 jar cf test_dir.jar /tmp/test_dir # or zip -r

Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-14 Thread Steve basford
Hi, Here's the entry for Zip.Suspect.MacroDoubleExtension-zippwd (?i)((\.doc)|([ _.-](7z|avi|bmp|csv|docx|gif|gz|jpeg|jpg|mov|mp3|mp4|mpg|pdf|png|pps|ppt|pptx|psd|rar|tar|tar\.gz|tif|tiff|txt|wav|xls|xlsx|zip)))[