> clamav@debian-vm-07:~/clamav-devel$ sigtool --find-sigs=Worm.Bagle.H-zip
> [main.db] Worm.Bagle.H-zippwd-1
>
> What makes this one a special case is the extra " (Clam)" at the end of
> the signature name. This is an old sig.
Hi Dave,
Thanks for the detailed write-up, the issue was a bit confus
On Tue, Nov 12, 2013 at 7:14 AM, Andreas Schulze wrote:
> On 12.11.2013 12:59, Andreas Schulze wrote:
> > I found a fantastic fact!
> +1
>
> other sample message:
> $ clamdscan falsepositive falsepositive.ok
> /tmp/falsepositive: Worm.Bagle.H-zippwd-1 FOUND
> /tmp/falsepositive.ok: OK
>
>
On 12.11.2013 12:59, Andreas Schulze wrote:
> I found a fantastic fact!
+1
other sample message:
$ clamdscan falsepositive falsepositive.ok
/tmp/falsepositive: Worm.Bagle.H-zippwd-1 FOUND
/tmp/falsepositive.ok: OK
--- SCAN SUMMARY ---
Infected files: 1
Time: 0.061 sec (0 m 0 s)
On 12.11.2013 12:39, Andreas Schulze wrote:
> > > We added a file "local.ign2" containing one line: "Worm.Bagle.H-zippwd-1"
> > > clamscan called again and - nothing changed. Still marked as virus...
> > > Any hints/ideas?
I found a fantastic fact!
For testing I have the message as flat file in /