users ML
Cc: Al Varnell
Subject: Re: [clamav-users] Elmedia Player.app detection
That signature has been in the database since Oct 20, 2017 and is a hash
signature, so there's little chance of it being an FP.
[daily.hsb]
17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73
-Al-
ClamXAV User
On Tue, Dec 10, 2019 at 06:02 AM, Douglas Stinnette wrote:
> Seem
Hey Douglas!
Would you like to provide the hash of the file? That would help us confirm
it's an FP. There's also research about a specific version of Elmedia
Player being trojanized that might provide more insight:
https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/
Seems to me that this is a false positive.
/Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player
Osx.Trojan.Proton-6352635-0 FOUND
I sent a copy of the file to other vendors to double check it and they
reported it was not malware.
I have submitted false positives to ClamAV before and ne
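
Added example, not part of the original thread and not ClamAV's own code: a check of whether a file on disk is the exact file named by the `daily.hsb` entry quoted above, which is also what providing the file's hash would settle. It assumes the hash-signature layout `Hash:FileSize:MalwareName` with an optional minimum functionality level as a fourth field; the names `parse_hsb`, `matches` and `PROTON_SIG` are introduced here for illustration.

```python
import hashlib
import os
import sys
from typing import NamedTuple, Optional

# Hex-digest length -> hashlib algorithm (MD5, SHA-1, SHA-256).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

class HashSig(NamedTuple):
    algo: str
    digest: str
    size: Optional[int]        # None when the size field is the "*" wildcard
    name: str
    min_flevel: Optional[int]  # optional fourth field, e.g. the ":73" above

def parse_hsb(line: str) -> HashSig:
    """Parse one 'Hash:FileSize:MalwareName[:MinFL]' entry."""
    parts = line.strip().split(":")
    if len(parts) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields, got {len(parts)}")
    digest = parts[0].lower()
    if len(digest) not in ALGO_BY_HEX_LEN or set(digest) - set("0123456789abcdef"):
        raise ValueError("hash field is not an MD5/SHA-1/SHA-256 hex digest")
    size = None if parts[1] == "*" else int(parts[1])
    flevel = int(parts[3]) if len(parts) == 4 else None
    return HashSig(ALGO_BY_HEX_LEN[len(digest)], digest, size, parts[2], flevel)

def matches(path: str, sig: HashSig) -> bool:
    """True only if the file has the signature's size and digest."""
    if sig.size is not None and os.path.getsize(path) != sig.size:
        return False  # cheap check first: a size mismatch rules the entry out
    h = hashlib.new(sig.algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == sig.digest

# The daily.hsb entry quoted in the thread.
PROTON_SIG = "17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73"

if __name__ == "__main__" and len(sys.argv) == 2:
    sig = parse_hsb(PROTON_SIG)
    hit = matches(sys.argv[1], sig)
    print(f"{sig.name}: {'MATCH' if hit else 'no match'} ({sig.algo}, {sig.size} bytes)")
```

Run it with the path of the flagged binary as the only argument; a match on both size and digest means the file is byte-for-byte the sample the signature was generated from.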