[clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

In keeping with one false positive reports I have 8 CentOS servers report below after Signatures Published daily - 22782 update: All attachment with extension *.xlsm have the same issue: Our content checker found virus: Win.Trojan.Toa-5368540-0 Believe this is a false positive Would lik

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782 > update: > > All attachme

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

#All# macros inside xlsm files are being blocked due to sig blocking of Vbaproject.bin inside. Cheers, Steve Twitter: @sanesecurity On 27 December 2016 20:08:37 Adnan de Castro Donato wrote: In keeping with one false positive reports I have 8 CentOS servers report below after Signature

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

Office Open XML file format (.doc(x|m), .xls(x|m), etc., https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with macros typically contain an OLE2 file named vbaProject.bin. This signature appears as though it would match all standard Open XML files that contain macros. Exam

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

On Dec 27, 2016, at 1:53 PM, demonhunter wrote: > Office Open XML file format (.doc(x|m), .xls(x|m), etc., > https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with > macros typically contain an OLE2 file named vbaProject.bin. This signature > appears as though it would mat

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

sure, sending right now !!! - Mensagem original - De: "Joel Esler (jesler)" Para: "Adnan de Castro Donato" , "clamav-users" Enviadas: Terça-feira, 27 de dezembro de 2016 18:25:14 Assunto: Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0 Are you able to

[clamav-users] Submitted false-negative still not detected

Hi, I submitted a false-negative a few days ago and it still is not detected after the most recent update. It would be helpful for these kind of things if some kind of ticket or confirmation was issued at the time of submission. The only thing I can do is link to virustotal here: https://www.viru

Re: [clamav-users] Submitted false-negative still not detected

Alex, Regarding the ticket and confirmation piece, we are working on that. -- Sent from my iPhone > On Dec 27, 2016, at 8:21 PM, Alex wrote: > > Hi, > > I submitted a false-negative a few days ago and it still is not > detected after the most recent update. It would be helpful for these >