On 17.03.16 at 12:01, Joel Esler (jesler) wrote:
> Best thing to do is submit them as false positives on
> ClamAV.net<http://clamav.net>

Thanks for the tip. Will do so.

cheers
t.

> --
> Joel Esler
> iPhone
>
> On Mar 17, 2016, at 6:54 AM, Thomas Stein
> <himbe...@meine-oma.de<mailto:himbe...@meine-oma.de>> wrote:
>
> Hello Clamav users.
>
> Last week I started to check a gentoo distfiles directory with clamscan.
> To my big surprise clamscan found a lot of infected files. Taking a
> closer look leads to the assumption all of them are false positives
> because most of them are debugging tools.
>
> ClamAV update process started at Sun Mar 13 22:00:01 2016
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.99 Recommended version: 0.99.1
> DON'T PANIC! Read http://www.clamav.net/support/faq
> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
> daily.cld is up to date (version: 21464, sigs: 1878899, f-level: 63, builder: neo)
> bytecode.cld is up to date (version: 274, sigs: 49, f-level: 63, builder: anvilleg)
> /var/www/gentoomirror/distfiles/sbd-1.37.tar.gz: Win.Trojan.Agent-558335 FOUND
> /var/www/gentoomirror/distfiles/libzip-1.0.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND
> /var/www/gentoomirror/distfiles/sqlninja-0.2.6-r1.tgz: W32.Hacktool.KiTrap-1 FOUND
> /var/www/gentoomirror/distfiles/File-Scan-ClamAV-1.93.tar.gz: ClamAV-Test-Signature FOUND
> /var/www/gentoomirror/distfiles/olsrd-0.9.0.2.tar.bz2: Java.Exploit.CVE_2013_2472-1 FOUND
> /var/www/gentoomirror/distfiles/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
> /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.19.gem: Java.Trojan.Agent-31 FOUND
> /var/www/gentoomirror/distfiles/clamav-0.92.tar.gz: ClamAV-Test-File FOUND
> /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.21.gem: Java.Trojan.Agent-31 FOUND
> /var/www/gentoomirror/distfiles/afl-1.80b.tgz: Win.Exploit.CVE_2015_0076 FOUND
> /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.22.gem: Java.Trojan.Agent-31 FOUND
> /var/www/gentoomirror/distfiles/olsrd-0.6.4.tar.bz2: Java.Exploit.CVE_2013_2472-1 FOUND
> /var/www/gentoomirror/distfiles/libwbxml-0.11.2.tar.bz2: Win.Trojan.Ramnit-5837 FOUND
> /var/www/gentoomirror/distfiles/framework-2.7.tar.gz: Exploit.Alpha_Mixed FOUND
> /var/www/gentoomirror/distfiles/libzip-1.1.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND
> /var/www/gentoomirror/distfiles/wbxml2-0.9.2.tar.gz: Win.Trojan.Ramnit-5837 FOUND
> /var/www/gentoomirror/distfiles/File-Scan-ClamAV-1.91.tar.gz: ClamAV-Test-Signature FOUND
> /var/www/gentoomirror/distfiles/anomy-sanitizer-1.76.tar.gz: Exploit.WMF.Gen-1 FOUND
> /var/www/gentoomirror/distfiles/LinkChecker-9.3.tar.gz: ClamAV-Test-File FOUND
> /var/www/gentoomirror/distfiles/lg-112.tar.gz: HTML.Phishing.Pay-239 FOUND
> /var/www/gentoomirror/distfiles/afl-2.07b.tgz: Win.Exploit.CVE_2015_0076 FOUND
> /var/www/gentoomirror/distfiles/wbxml2-0.9.0-src.tar.gz: Win.Trojan.Ramnit-5837 FOUND
> /var/www/gentoomirror/distfiles/MailScanner-install-4.84.5-2.tar.gz: Eicar-Test-Signature-1 FOUND
> /var/www/gentoomirror/distfiles/lg-108.tar.gz: HTML.Phishing.Bank-1 FOUND
> /var/www/gentoomirror/distfiles/Mail-ClamAV-0.21.tar.gz: Eicar-Test-Signature FOUND
> /var/www/gentoomirror/distfiles/lg-130.tar.gz: HTML.Phishing.Bank-791 FOUND
> /var/www/gentoomirror/distfiles/Mail-ClamAV-0.22.tar.gz: Eicar-Test-Signature FOUND
> /var/www/gentoomirror/distfiles/nepenthes-0.2.2.tar.bz2: Trojan.Downloader.Bat FOUND
> /var/www/gentoomirror/distfiles/Mail-ClamAV-0.20.tar.gz: Eicar-Test-Signature FOUND
> /var/www/gentoomirror/distfiles/lg-issue86.tar.gz: Exploit.IFrame.Gen FOUND
> /var/www/gentoomirror/distfiles/metasploit-payloads-1.0.15.gem: Java.Trojan.Agent-31 FOUND
> /var/www/gentoomirror/distfiles/clamav-0.92.1.tar.gz: ClamAV-Test-File FOUND
> /var/www/gentoomirror/distfiles/lg-141.tar.gz: HTML.Phishing.Bank-473 FOUND
> /var/www/gentoomirror/distfiles/libzip-1.1.tar.xz: Php.Exploit.CVE_2015_2331-2 FOUND
>
> Is this a known behaviour?
>
> thanks and cheers
> t.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml