Alex Georgopoulos wrote: > First I would like to say I've submitted files via the web interface with > the false positive using the method from the FAQ. I have a bunch of excel > files that won't get through because clam thinks it has this W97 macro > virus. We have had 3 commercial AV vendors analyze this file and they said > it is not a macro virus but I cannot get any response from the clam devs as > to why they think it is one. Anybody out there seeing this too? This is > causing a serious issue with our customer and if I can't get any feedback I > am going to be forced to abandon the product which is something I don't > want > to do. > _______________________________________________ > http://lurker.clamav.net/list/clamav-users.html > >
Hello Alex, The file you've submitted was likely badly cleaned by some AV software. I can confirm the file itself doesn't contain any active malicious code, but, due to the partial cleaning, some part of it are still inside it. You can check that yourself through a simple: strings FILENAME.xls | grep '^\*\*' Also, yours was the first false positive report in more than one year. Sorry, but to me it makes no sense to remove such a signature. Regards, -aCaB _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
