Hi-- On May 7, 2012, at 8:16 AM, Pepijn Schmitz wrote: > I'm asking because ClamAV is currently causing trouble for me by falsely > detecting something it calls "Trojan.Agent-281708" in my program, > worldpainter_0.8.6.exe. I can find no information on this > "Trojan.Agent-281708" online. The only reference I find when I search for it > is this entry in the clamav-virusdb mailing list: > > Submission-ID: 42631477 > Sender: Virus Total > Sender: Anonymous > Added: Trojan.Agent-281708 > > What kind of trojan is this supposed to be? How does it spread? What does its > payload do? What other names is it known as to other virus scanners? How is > it being detected? What file was this trojan found in and its signature based > on? > > Is there any place online or as part of the program where I can find this > information?
VirusTotal is a site at https://www.virustotal.com/ which lets one upload files and scan them against all of the major malware engines. This will show you all of the false-positive matches and let you see what the malware is being called by the various vendors-- that might help track down what the payload is and does, and also give you some idea as to which vendors you ought to contact and submit your software to as a false-positive. Also, you can run sigtool from ClamAV to see what the hex string that is being matched is: % sigtool -fTrojan.Agent-281708 [daily.mdb] 133632:74da9128149f4e678783b4125095d396:Trojan.Agent-281708 Regards, -- -Chuck _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
