Hello,
On 20.04.2016 at 09:20, Al Varnell wrote:
The signature was just added yesterday in daily:21498 and yes it is an MD5 of
size 892 bytes, so it could well be an FP.
Not sure what you mean by “automatic created md5 Signature” and given that it’s
a JavaScript I don’t know how you can conclude its contents “looks ok”, but
you did the right thing by submitting it for consideration.
I think not every code is reviewed manually, according to the source.
To me the code doesn't look suspicious. But let's wait for the opinion of the pros.
AegisLab also seems to think it’s infected, but VT believes it’s “Probably
harmless!”:
<https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/>
This should be self-evident, but for the ClamAV Signature Team’s Info:
MD5=585005690e530e8047374cf14e479281
-Al-
On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote:
Hello,
there seems to be a new FP within a WordPress Plugin.
Download is here:
https://jetpack.com/install/?from=wporg
http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
File jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js is
reported as Win.Trojan.Agent-1395367
Seems to be an automatic created md5 Signature, because content of file looks ok
http://pastebin.com/zi2TcJJF
I already reported this as FP at http://www.clamav.net/reports/fp
I hope to get this fixed fast because our customers use this plugin a lot and I
don't want to make a new global whitelisting.
Thanks,
Hajo
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Hajo