On Feb 17, 2016, at 9:01 PM, Tsutomu Oyamada wrote: > A false positive which detects normal file as a malware > "win.Trojan.Bancos-2115" was occurred last week. > It was started CVD version 21359 and was fixed by 21362. > Could you tell us what was the cause of this false positive?
Did you read the lengthy discussion on this very subject earlier today? Anything I could say would be pure speculation. Only the ClamAV Signature Team can give you an exact answer to that, should they elect to do so. > And also, could you tell us what steps do you take to prevent false positives? Submit samples to ClamAV’s Report False Positives page <http://www.clamav.net/reports/fp>, subscrible to clamav-virusdb and wait. If it seriously impacts your operations, add a local.ign2 file to the database containing the infection name or a local.fp file containing the name of the detected file(s) until resolved. > I have another question, has the false positive of > "Zip.Suspect.MacroDoubleExtension-zippwd" fixed? Not for me, but there were a number of different types of files involved, so everybody that has one or more needs to submit them. > T.Oyamada -Al- -- Al Varnell ClamXav User
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
