Hi Chuck, On 07-05-12 19:17, Chuck Swiger wrote: > VirusTotal is a site at https://www.virustotal.com/ which lets one upload > files and scan them against all of the major malware engines. This will show > you all of the false-positive matches and let you see what the malware is > being called by the various vendors-- that might help track down what the > payload is and does, and also give you some idea as to which vendors you > ought to contact and submit your software to as a false-positive.
Yes I know. Virus Total is what told me that ClamAV (and only ClamAV) is identifying my file as containing a trojan: https://www.virustotal.com/file/2a7b249b52e7c42c8ca56e97bc4165e0a5e68f8c43808efd8c322e274a34b211/analysis/ > Also, you can run sigtool from ClamAV to see what the hex string that is > being matched is: > > % sigtool -fTrojan.Agent-281708 > [daily.mdb] 133632:74da9128149f4e678783b4125095d396:Trojan.Agent-281708 Thanks, good to know. Seems like that hex string is not distinctive enough! I already reported the file as a false positive (using ClamTk). Are those reports generally responded to quickly? Is there any way I can help to speed along the process? And is there no place where I can find more information about the trojan ClamAV thinks it is detecting? Surely there is more information than a hex string, somewhere? Kind regards, Pepijn Schmitz _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
