Hi there, I'm not sure this is the right mailing list for this but here goes anyway.
I need to find out if I am dealing with a false positive or with a real problem. I've been running clamav over some of our webservers content for the past year or so and it has never found anything (apart from the eicar test signature that I occasionaly drop in there to make sure the system is working properly). It recently found something on two of our servers. Both servers run moodle. Clamav identifies it as JS.Dropper-14 The file concerned downloaded directly from the moodle site is also identified as being infected though its a different version of the file and differs slightly. You can find it here: http://cvs.moodle.org/moodle/mod/quiz/protect_js.php I've had our developers going over this code and they can't find anything suspicious about it. Personally I'm suspicious of the huge block of binary data... but I'm not really a programmer. Please advise. Thanks! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
