This one was added on Friday in daily:21494

Similar results as before on VT:
<https://www.virustotal.com/en/file/4d81cd951bc1cc8095a0b6385baa47b9c5fb6fe1440661563a09dbd2f7e243db/analysis/>

-Al-


On Wed, Apr 20, 2016 at 01:45 AM, Hajo Locke wrote:
> 
> Hello,
> 
> On 20.04.2016 at 09:31, Hajo Locke wrote:
>> Hello,
>> 
>> On 20.04.2016 at 09:20, Al Varnell wrote:
>>> The signature was just added yesterday in daily:21498 and yes it is an MD5 
>>> of size 892 bytes, so it could well be an FP.
>>> 
>>> Not sure what you mean by “automatic created md5 Signature” and given that 
>>> it’s a JavaScript I don’t know how you can conclude its contents “looks 
>>> ok”, but you did the right thing by submitting it for consideration.
>> 
>> I think not every code is reviewed manually, according to the source. To 
>> me the code doesn't look suspicious. But let's wait for the opinion of the pros.
>>> 
>>> AegisLab also seems to think it’s infected, but VT believes it’s “Probably 
>>> harmless!”:
>>> <https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/>
>>>  
>>> 
>>> This should be self-evident, but for the ClamAV Signature Team’s Info: 
>>> MD5=585005690e530e8047374cf14e479281
> Found the same issue with another file.
> File qppr_frontend_script.min.js is reported as Win.Trojan.Agent-1395005
> This is part of the WordPress Quick Page/Post Redirect Plugin
> https://de.wordpress.org/plugins/quick-pagepost-redirect-plugin/installation/
> 
> MD5=952e1832aad1345100c20d86639900e5
>>> 
>>> -Al-
>>> 
>>> On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote:
>>>> Hello,
>>>> 
>>>> there seems to be a new FP within a WordPress Plugin.
>>>> Download is here:
>>>> https://jetpack.com/install/?from=wporg
>>>> http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
>>>> 
>>>> File 
>>>> jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js is 
>>>> reported as Win.Trojan.Agent-1395367
>>>> 
>>>> Seems to be an automatic created md5 Signature, because content of file 
>>>> looks ok
>>>> http://pastebin.com/zi2TcJJF
>>>> 
>>>> I already reported this as FP at http://www.clamav.net/reports/fp
>>>> I hope to get this fixed fast because our customers use this plugin a lot 
>>>> and I don't want to make a new global whitelisting.
>>>> 
>>>> Thanks,
>>>> Hajo
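
The signature type discussed in this thread (an MD5 plus a file size) can be modelled as below. This is an added example, not part of the original messages and not ClamAV's own code; it assumes ClamAV's `MD5:FileSize:Name` hash-signature line format, which is also used by local `.fp` allow-list files, and the sample bytes and signature names are constructed.

```python
import hashlib

# Constructed sample standing in for a small minified plugin script.
SAMPLE = b'!function(a){a(".video").each(function(){a(this).css("max-width","100%")})}(jQuery);'
SIG_NAME = "Constructed.Test.Sig-1"  # constructed name, not a real ClamAV signature


def hash_sig(data: bytes, name: str) -> str:
    """Format a hash-signature line: MD5:FileSize:Name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_db(text: str) -> dict:
    """Parse hash-signature lines into {(md5, size): name}; a '*' size becomes None."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 3:
            continue  # blank or malformed line
        size = None if parts[1] == "*" else int(parts[1])
        entries[(parts[0].lower(), size)] = parts[2]
    return entries


def scan(data: bytes, hdb: dict, fp: dict):
    """Return the matching signature name, or None if clean or allow-listed."""
    digest = hashlib.md5(data).hexdigest()
    keys = [(digest, len(data)), (digest, None)]
    if any(k in fp for k in keys):
        return None  # a local .fp entry suppresses the detection
    return next((hdb[k] for k in keys if k in hdb), None)


if __name__ == "__main__":
    hdb = parse_db(hash_sig(SAMPLE, SIG_NAME))
    print(scan(SAMPLE, hdb, {}))          # every byte-identical copy is flagged
    print(scan(SAMPLE + b"\n", hdb, {}))  # any change to the bytes: no match
    fp = parse_db(hash_sig(SAMPLE, "local-allow"))
    print(scan(SAMPLE, hdb, fp))          # allow-listed by exact hash and size
```

Because the match is on the exact bytes, one such signature flags every installation that ships the same file, and an allow-list entry stops applying as soon as the plugin updates the file.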


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
