Steve Wray wrote:
> Hi there,
> I'm not sure this is the right mailing list for this but here goes anyway.
>
> I need to find out if I am dealing with a false positive or with a real
> problem.
>
> I've been running clamav over some of our webservers' content for the
> past year or so and it has never found anything (apart from the eicar
> test signature that I occasionally drop in there to make sure the system
> is working properly).
>
> It recently found something on two of our servers. Both servers run moodle.
>
> Clamav identifies it as JS.Dropper-14
>
> The file concerned downloaded directly from the moodle site is also
> identified as being infected though it's a different version of the file
> and differs slightly.
>
> You can find it here:
>
> http://cvs.moodle.org/moodle/mod/quiz/protect_js.php
>
> I've had our developers going over this code and they can't find
> anything suspicious about it. Personally I'm suspicious of the huge
> block of binary data... but I'm not really a programmer.
>
> Please advise.
>
> Thanks!
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

Get the opinion of many other scanners by submitting the file to
http://virusscan.jotti.org/ or http://www.virustotal.com/

If nothing else finds it suspicious, submit the file as a false
positive at http://www.clamav.org/sendvirus/

--
Noel Jones