Tim Edwards wrote: > The recent addition of Zip.Suspect.MiscDoubleExtension signatures has been > causing a lot of trouble for us, as it keeps getting flagged for completely > innocuous files such as foo_handle_pdf.js.
One common thread I've been seeing is that people reporting specific cases are reporting what I would consider a misfire for a "doubled extension"; that filename above only has one extension (.js) in my view. I would suggest updating this upstream to more narrowly target actual doubled extensions. I'm a little surprised I haven't see an FP locally. -kgd _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
