Looking at the original file and what was uploaded to VT, this signature is the md5sum of 43180 null bytes. While I would say this is definitely Junk.Corrupted, it's not malicious. I'll drop it.
Thanks for the report. On Thu, Feb 6, 2014 at 6:12 AM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > > > Hi Clamav Users, > > > > I'm getting a FP-Alert from a customer regarding the following sig: > > > > main.hdb:15c9c9ed5046a885d241afd2159c236a:43180:Junk.Corrupted-50 > > > > The scan is done on our inbound authenticated mail host, which rejects > our > > customer's mail with the following error-message: > Hi, > > The above signature is just an md5 hash of a file, that's 43,180 long... > > ie: VirusTotal info (DHL report DOT zip) > > > https://www.virustotal.com/en/file/4616d4fced326d3b638598bc516f80b9fefb23ad97394aa529797800c509e92c/analysis/ > > Sorry I can't help more... > > Cheers, > > Steve > Sanesecurity > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
