Re: [clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

2016-02-16 Thread Al Varnell
Resubmitted. 87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a:319649:pg3726-images.epub -Al- On Feb 14, 2016, at 4:34 PM, Al Varnell wrote: > I attempted to submit the sample I have to http://www.clamav.net/reports/fp > and it was similarly rejected as

[clamav-users] ClamAV FP/Malware Submissions

2016-02-16 Thread Joel Esler (jesler)
It appears that we have resolved the issue with FP/Malware submissions on ClamAV.net. We apologize for any error and inconvenience. Please let me know if you encounter any other errors. -- Joel Esler Manager, Talos Group ___

Re: [clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-16 Thread Al Varnell
Without the exact name of the Shopperz infection, I can’t tell you whether it’s a recent definition or an old one. There are currently 351 such signatures. The Uztuby-3 was added to the database on 30 Jan 2016 04-36 -0500 in daily:21324, so it’s been there for a couple of weeks. It would not

[clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

2016-02-16 Thread Jean-D. Ackle
Hello, So... it seems I've been a "victim" of last week's False Positives... First I got so many files on a Windows partition "infected" by the Bancos trojan (detected by clamscan running from Linux) I quickly concluded that particular Windows setup was gone. I just noticed someone on the list

Re: [clamav-users] How do I tell if MacroDoubleExtension-zippwd is for real

2016-02-16 Thread Al Varnell
See Zip.Suspect.MacroDoubleExtension-zippwd false positive Add a local.ign2 file to /share/clamav/ containing "Zip.Suspect.MacroDoubleExtension-zippwd" (without the quotes) or wait for the signature team to get their

Re: [clamav-users] How do I tell if MacroDoubleExtension-zippwd is for real

2016-02-16 Thread Burton, Jim
Getting this too. On jar files from an Oracle Weblogic server. I suspect this is another false positive, along the lines of the "Win.Trojan.Bancos-2115" problem last week. -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Ted Gilchrist

[clamav-users] How do I tell if MacroDoubleExtension-zippwd is for real

2016-02-16 Thread Ted Gilchrist
I am getting a Zip.Suspect.MacroDoubleExtension-zippwd FOUND when I run clamscan on a jar file. However, when I extract the jar file, and run clamscan on the contents, the scan comes out clean. How do I determine whether this error is for real? From Googling around, I get the impression that this

Re: [clamav-users] FP System

2016-02-16 Thread Joel Esler (jesler)
There actually is :). There are at least four parts to the FP reporting system, and I have my team on it. -- Joel Esler Manager, Talos Group On Feb 16, 2016, at 6:17 AM, Al Varnell wrote: Agree. We’ve been saying this for a couple of days

Re: [clamav-users] FP System

2016-02-16 Thread Al Varnell
Agree. We’ve been saying this for a couple of days now and Joel said yesterday about this time "We're double checking everything." Guess there’s a lot to check. -Al- On Feb 16, 2016, at 1:17 AM, Steve Basford wrote: > "Houston, we have a problem" aka The FP

[clamav-users] FP System

2016-02-16 Thread Steve Basford
"Houston, we have a problem" aka The FP reporting system is broken. Here's a Windows file which is reporting... ieinstal.exe: Win.Trojan.Win64-226 FOUND I ran freshclam... freshclam ClamAV update process started at Tue Feb 16 09:00:52 2016 main.cld is up to date (version: 55, sigs: 2424225,