Hi Török, On 07-05-12 21:46, Török Edwin wrote: > On 05/07/2012 09:44 PM, Al Varnell wrote: >> The hex string being matched is the MD5 of the file, but it doesn't match >> the one listed in VirusTotal so I'm confused here. > Its the MD5 of a section of your executable file [*] Virustotal doesn't print > those. Actually, Virus Total /does/ print the MD5's of the PE sections, and Al is right, the hex string sigtool says is the signature for Trojan.Agent-281708 is not among them! So something strange is definitely going on.
Another strange thing I didn't mention yet is that I first tried to submit the false positive through the web interface, but it wouldn't allow me to, because it said ClamAV did not detect any threats in the file! But my local copy of ClamAV definitely says that it contains "Trojan.Agent-281708", and so does the copy of ClamAV that Virus Total uses, apparently. So weird things are definitely going on. I hope it can be resolved quickly. If anyone is interested in the file in question, you can download it from http://www.pepsoft.org/worldpainter/updates/worldpainter_0.8.6.exe Kind regards, Pepijn Schmitz _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
