Awesome answer - thank you.
The FP was on two files from the latest version of webmin. I'll submit them for consideration and let the experts decide if it is a false positive or truly an issue.

On another note - ClamAV has been finding PHP scripts in a third party dev site that other 'commercial' AVs haven't. VirusTotal confirmed the issues and a manual scan of the code did too - I'm impressed.

shane

On 2015-08-12 18:23, Al Varnell wrote:
I may be totally misunderstanding your question, but I’ll tell you
what I know and perhaps somebody from ClamAV will have a better answer
for you later.

In general, all False Positives should be reported using the “Report
False Positive” page:
<http://www.clamav.net/report/report-fp.html>.

I know there was a period of time when PUA could not be submitted, but
I don’t see any such restrictions at the moment.

As you can imagine, PUA FP’s are often in the eyes of the beholder.
For instance, if the signature was meant to identify a parental
control application that can be used to track user activity, but
instead it identifies a word processor application, then it’s clearly
an FP.  If it identifies a web site that is able to access clipboard
data from IE 7 through 11, then it’s PUA, whether intentional or not.

Again, in general, there is no public information available on an
infection to be “looked up”.  The signature writer might have
something in their notes about it, but that’s as far as it ever goes.
So I don’t know what you want to look up, but you have already looked
in all the right places (Google and VirusTotal).

If you are interested in knowing what the signature looks like, then
you can look it up at:
<http://clamav-du.securesites.net/cgi-bin/clamgrok>
or use
sigtool --find-sigs [infectionname]

and if it’s decodable
sigtool --find-sigs [infectionname] | sigtool --decode-sigs

-Al-


On Tue, Aug 11, 2015 at 08:52 PM, sh...@virusbusters.co.nz wrote:

is there a place that common false positives can be either registered or looked up?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
