On 05/07/2012 09:44 PM, Al Varnell wrote:
> On 5/7/12 10:49 AM, "Pepijn Schmitz" <cla...@pepsoft.org> wrote:
> 
>> Hi Chuck,
>>
>> On 07-05-12 19:17, Chuck Swiger wrote:
>>> VirusTotal is a site at https://www.virustotal.com/ which lets one upload
>>> files and scan them against all of the major malware engines.  This will show
>>> you all of the false-positive matches and let you see what the malware is
>>> being called by the various vendors-- that might help track down what the
>>> payload is and does, and also give you some idea as to which vendors you
>>> ought to contact and submit your software to as a false-positive.
>>
>> Yes I know. Virus Total is what told me that ClamAV (and only ClamAV) is
>> identifying my file as containing a trojan:
>>
>> https://www.virustotal.com/file/2a7b249b52e7c42c8ca56e97bc4165e0a5e68f8c43808efd8c322e274a34b211/analysis/
>>
>>> Also, you can run sigtool from ClamAV to see what the hex string that is
>>> being matched is:
>>>
>>> % sigtool -fTrojan.Agent-281708
>>> [daily.mdb] 133632:74da9128149f4e678783b4125095d396:Trojan.Agent-281708
>>
>> Thanks, good to know. Seems like that hex string is not distinctive
>> enough! I already reported the file as a false positive (using ClamTk).
>> Are those reports generally responded to quickly? Is there any way I can
>> help to speed along the process?
>>
> The hex string being matched is the MD5 of the file, but it doesn't match
> the one listed in VirusTotal so I'm confused here.

It's the MD5 of a section of your executable file [*]. VirusTotal doesn't print
those.

[*] a typical executable has several sections used to store code, data, 
resources, and so on.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
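
An added example, not part of the original thread and not ClamAV's own code: a way to check which PE section a `.mdb` line such as the `sigtool` output above refers to, by hashing each section's raw data instead of the whole file. It assumes the `.mdb` layout `PESectionSize:PESectionHash:MalwareName`; the function names, the signature name and the sample PE image are constructed for illustration.

```python
import hashlib
import struct

def pe_sections(data):
    """Yield (name, raw_bytes) for every section of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    for i in range(nsec):
        name, _vs, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), data[raw_ptr:raw_ptr + raw_size]

def parse_mdb(line):
    """Parse 'size:md5:name', tolerating the '[daily.mdb] ' prefix sigtool prints."""
    if line.startswith("["):
        line = line.split("] ", 1)[1]
    size, digest, name = line.strip().split(":", 2)
    return int(size), digest.lower(), name

def matching_section(data, sig_line):
    """Return (section_name, malware_name) if a section matches the signature, else None."""
    size, digest, name = parse_mdb(sig_line)
    for sec_name, raw in pe_sections(data):
        if len(raw) == size and hashlib.md5(raw).hexdigest() == digest:
            return sec_name, name
    return None

def build_sample_pe(sections):
    """Constructed input: a bare PE skeleton (no optional header) with {name: bytes} sections."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr = 0x40 + len(coff) + 40 * len(sections)              # where raw data begins
    table, body = b"", b""
    for name, raw in sections.items():
        table += struct.pack("<8sIIII16x", name.encode(), len(raw), 0, len(raw), ptr + len(body))
        body += raw
    return dos + coff + table + body

if __name__ == "__main__":
    rsrc = b"constructed resource blob" * 20
    pe = build_sample_pe({".text": b"\x90" * 512, ".rsrc": rsrc})
    sig = "[daily.mdb] %d:%s:Constructed.Sample-1" % (len(rsrc), hashlib.md5(rsrc).hexdigest())
    print("matched:", matching_section(pe, sig))
    print("whole-file MD5 equals signature hash:", hashlib.md5(pe).hexdigest() == parse_mdb(sig)[1])
```
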