Re: [clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Joel Esler (jesler)
Alex, Regarding the ticket and confirmation piece, we are working on that. -- Sent from my iPhone > On Dec 27, 2016, at 8:21 PM, Alex wrote: > > Hi, > > I submitted a false-negative a few days ago and it still is not > detected after the most recent update. It would be helpful for these >

[clamav-users] Submitted false-negative still not detected

2016-12-27 Thread Alex
Hi, I submitted a false-negative a few days ago and it still is not detected after the most recent update. It would be helpful for these kind of things if some kind of ticket or confirmation was issued at the time of submission. The only thing I can do is link to virustotal here: https://www.viru

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Adnan de Castro Donato
sure, sending right now !!! - Mensagem original - De: "Joel Esler (jesler)" Para: "Adnan de Castro Donato" , "clamav-users" Enviadas: Terça-feira, 27 de dezembro de 2016 18:25:14 Assunto: Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0 Are you able to

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Al Varnell
On Dec 27, 2016, at 1:53 PM, demonhunter wrote: > Office Open XML file format (.doc(x|m), .xls(x|m), etc., > https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with > macros typically contain an OLE2 file named vbaProject.bin. This signature > appears as though it would mat

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread demonhunter
Office Open XML file format (.doc(x|m), .xls(x|m), etc., https://en.wikipedia.org/wiki/Office_Open_XML) are ZIP files, and those with macros typically contain an OLE2 file named vbaProject.bin. This signature appears as though it would match all standard Open XML files that contain macros. Exam

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Steve basford
#All# macros inside xlsm files are being blocked due to sig blocking of Vbaproject.bin inside. Cheers, Steve Twitter: @sanesecurity On 27 December 2016 20:08:37 Adnan de Castro Donato wrote: In keeping with one false positive reports I have 8 CentOS servers report below after Signature

Re: [clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Joel Esler (jesler)
Are you able to submit the files via the website? -- Sent from my Apple Watch On Dec 27, 2016, at 3:08 PM, Adnan de Castro Donato wrote: > > In keeping with one false positive reports > I have 8 CentOS servers report below after Signatures Published daily - 22782 > update: > > All attachme

[clamav-users] Probable false positive *.xlsm - Win.Trojan.Toa-5368540-0

2016-12-27 Thread Adnan de Castro Donato
In keeping with one false positive reports I have 8 CentOS servers report below after Signatures Published daily - 22782 update: All attachment with extension *.xlsm have the same issue: Our content checker found virus: Win.Trojan.Toa-5368540-0 Believe this is a false positive Would lik