On 9/16/14 2:28 PM, Al Varnell wrote:
> The following file was found in Adobe PhotoShop CS6 infected with
> Win.Worm.Chir-681 (apparently added to the database earlier today):
>
> /Applications/Adobe Photoshop CS6/Adobe Photoshop CS6.app/Contents/Required/Droplet Template.exe
>
> I’ve submitted it as a False Positive (MD5=fd5137d1998bf8fcbab832123dd72256),
> but I’m curious about one thing.
>
> Why doesn’t VirusTotal identify it as infected
> <https://www.virustotal.com/en/file/86ee28923d4e7255762442fe93f220237197a756182ce320f5f6887b5c7147c5/analysis/1410901675/>
> when it shows the .text PE section of the file matches the signature hash
> (316287b0b4a47ada39244de795b7ca3c)?
>
> -Al-

I see that same FP on my system.

dp