Hi all,
Since yesterday I try to submit a JavaScript malware sample but I always
get that the sample is empty, see below.
Does that mean that the file upload wasn't successful (which the webpage
clearly indicates it was, otherwise I wouldn't be able to submit) or does
that mean that it didn't
I attempted to submit the sample I have to http://www.clamav.net/reports/fp and
it was similarly rejected as "empty." Scanned the file on my computer after
updating definitions still shows it as infected. Uploading it to VirusTotal
results in only a ClamAV detection:
I understand it can be whitelisted, but I posted to the list in hope that the
person who introduced the problem to the file daily.cd on 2/12/2016 will read
the thread and roll back the changes.
Thanks!
On Sunday, February 14, 2016 11:48 AM, Steve basford
I’ve had one ClamXav user complain on Friday that all the .epub and kindle
downloads from http://www.gutenberg.org/ebooks/3726 were infected. When
decompressed it reveals several files with ".txt.html" extensions.
We seen problems with such all encompassing signatures in the past so I suspect
Hi,false positives started coming after update to (daily.cvd version: 21360)my
submissions for false-positive reports on clamav.net keep reporting "The sample
is empty."
How to reproduce:
mkdir /tmp/test_dir
touch /tmp/test_dir/txt_csv.jar.0
jar cf test_dir.jar /tmp/test_dir
# or
zip -r
Hi,
Here's the entry for
Zip.Suspect.MacroDoubleExtension-zippwd
(?i)((\.doc)|([
_.-](7z|avi|bmp|csv|docx|gif|gz|jpeg|jpg|mov|mp3|mp4|mpg|pdf|png|pps|ppt|pptx|psd|rar|tar|tar\.gz|tif|tiff|txt|wav|xls|xlsx|zip)))[