Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-19 Thread Micah Snyder (micasnyd) via clamav-users
ive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0 Hi Micah Sorry about the delayed response, Interesting, My application does use mpress and inno setup, as part of the build process. So it makes sense that it is detected. You can also see that in the details ta

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-18 Thread Yaron Elharar via clamav-users
> > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > -- > *From:* clamav-users on behalf of > Christopher Marczewski > *Sent:* Monday, July 11, 2022 4:48 PM > *To:* ClamAV users ML > *Subject:* Re: [clamav-users] F

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-14 Thread Micah Snyder (micasnyd) via clamav-users
. From: clamav-users on behalf of Christopher Marczewski Sent: Monday, July 11, 2022 4:48 PM To: ClamAV users ML Subject: Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0 Looks like allmatch scanning may

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-11 Thread Christopher Marczewski
Looks like allmatch scanning may be confined to the PUA CVDs if the first signature alert is a PUA signature, as was the case here. PUA.Win.Packer.Exe-6 alerted on this sample during the report processing, but no additional signature alerted. A manual scan without PUA signatures enabled resulted i

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-11 Thread Yaron Elharar via clamav-users
Did anybody from the ClamAV team have the chance to take a look at this? On Sun, 10 Jul 2022, 9:27 G.W. Haywood via clamav-users, <clamav-users@lists.clamav.net> wrote: > Hi there, > > On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote: > > > I've never seen a user post to that list and I've

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote: I've never seen a user post to that list and I've subscribed to it for decades. My impression has always been it's for database update announcements only. You might be right Al but I took the URI from a list post and ISTR that a

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
I've never seen a user post to that list and I've subscribed to it for decades. My impression has always been it's for database update announcements only. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:44, Yaron Elharar via clamav-users > wrote: > > I didn't want to create a

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Shouldn't make any difference as VirusTotal is likely using 0.105, but upgrading isn't up to me as that's something the ClamXAV developer will eventually get around to. Sent from my iPad -Al- -- ClamXAV User > On Jul 9, 2022, at 09:25, G.W. Haywood via clamav-users > wrote: > > A guess: I

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Yaron Elharar via clamav-users
Thank you for taking a look, my understanding of this is also limited, but I'm using 0.105.0.0 With these signatures ClamAV update process started at Sat Jul 9 19:32:19 2022 daily.cvd database is up-to-date (version: 26596, sigs: 1989075, f-level: 90, builder: raynman) main.cvd database is up-to-

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote: ... --- SCAN SUMMARY --- Known viruses: 12318966 Engine version: 0.104.1 ... ... it would appear that there is a valid False Positive entry in the database for four different files ... ... So why it's being detecte

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
My capabilities for examining Windows files are extremely limited, given that I'm an AppleMac user, exclusively. Running clamscan --debug against the file I see the following near the end: > LibClamAV debug: FP SIGNATURE: > 95a6e35279662aa2f26d768b15091a55:4514540:Win.Dropper.Tinba-9943147-0 #

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Yaron Elharar via clamav-users
that correlates exactly to where it started happening 👍 It's a pretty cool case converter called AnyCase https://www.virustotal.com/gui/file/2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9?nocache=1 "... but perhaps the above will allow you to track down what component of the pro

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Al Varnell via clamav-users
Hi, Just FYI, that was added to the ClamAV daily.ldb signature database on Apr 9 of this year, which matches your FP reporting effort timeline. And the signature is: % sigtool -fWin.Dropper.Tinba-9943147-0|sigtool --decode-sigs VIRUS NAME: Win.Dropper.Tinba-9943147-0 TDB: Engine:51-255,Target:1

Re: [clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread G.W. Haywood via clamav-users
Hi there, On Sat, 9 Jul 2022, Yaron Elharar via clamav-users wrote: My program has recently started to be flagged with Win.Dropper.Tinba-9943147-0 by ClamAV at Virus Total File hash 2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9 I've tried to reach out to the team through th

[clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

2022-07-09 Thread Yaron Elharar via clamav-users
Hi Everyone My program has recently started to be flagged with Win.Dropper.Tinba-9943147-0 by ClamAV at Virus Total File hash 2852bc241913dc07ca13f865f766f0f07596e7d3209bc8caad767ff7f1e39ee9 I've tried to reach out to the team through the false-positive reporting tool with no success for the pas