On 1. dec. 2014 15.58.15 Shawn Webb <sw...@sourcefire.com> wrote:
No need to extract files prior to submission, though it would certainly accelerate analysis if you did. The acronym "FP" means "False Positive"--a file that erroneously caused ClamAV to report a virus. The acronym "FN" means "False Negative"--a file that was erroneously reported as clean by ClamAV.
Thanks, now I know the difference. I will submit some FNs, currently only detected with foxhole, but I think the real virus/malware should be detected independent of archive extension.