Thanks for the link to virustotal. That is only showing clam AV and a product called VBA as showing positive.
I suspect both 2744 and 27239 are false positives given what Virus Total is saying. According to the daily virusDB (6278 and 6275 respectively) from 3/17 these were added yesterday. Interesting that Virus Total is responsible for adding 27239. Submission-ID: 2330952 Sender: Virus Total Added: Trojan.Spy-27239 Submission-ID: 698160 Sender: Jotti Added: Trojan.Spy-27244 I can provide whatever source files any one needs to tune the signatures for 27244 and 27239 later today. I am now going to attempt to get some amount of sleep. -J [EMAIL PROTECTED] wrote on 03/18/2008 04:45:52 AM: > > On 2008-03-18 10:34, [EMAIL PROTECTED] wrote: > > On a test server after a very long period of not detecting anything CLAM > > AV started reporting that it was seeing: > > > > /clamscan/servers/mudlake/opt/Dave/nmap-4.03.tgz: Trojan.Spy-27244 FOUND > > /clamscan/servers/mudlake/opt/Dave/nmap-4.03/mswin32/winpcap/Packet.dll: > > Trojan.Spy-27244 FOUND > > /clamscan/servers/mudlake/opt/Dave/nmap-4.03/mswin32/winpcap/WanPacket.dll: > > Trojan.Spy-27239 FOUND > > > > and: > >[...] > > The files in these directories are unchanged since 2006 so I'm curious if > > this might be a false positive. [...] > > > When in doubt, I submit the files to www.virustotal.com and see what other > AV-programs think about the file. > > > -- > Paul Bijnens, xplanation Technology Services Tel +32 16 397.511 > Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512 > http://www.xplanation.com/ email: [EMAIL PROTECTED] > *********************************************************************** > * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * > * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * > * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * > * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * > * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... * > * ... "Are you sure?" ... YES ... Phew ... I'm out * > *********************************************************************** > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html Disclaimer: Information in this message or an attachment may be government data and thereby subject to the Minnesota Government Data Practices Act, Minnesota Statutes, Chapter 13, may be subject to attorney-client or work product privilege, may be confidential, privileged, proprietary, or otherwise protected, and the unauthorized review, copying, retransmission, or other use or disclosure of the information is strictly prohibited. If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly delete this message from your computer system. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
