There are still positives "Zip.Suspect.MacroDoubleExtension-zippwd". (see attached file) To resolve this false positive when it does?
On Wed, 17 Feb 2016 20:16:02 -0800 Dennis Peterson <denni...@inetnw.com> wrote: > My experience with these kind of failures is that the pattern is not properly > anchored or the writer doesn't understand greedy grep patterns or both. > Fallout from the new pcregrep, perhaps? I've not analyzed it so am > speculating here, but lessons learned after decades of doing this is of regex > results amaze you then you have probably screwed up somewhere when writing > the pattern. Or as one of my staff liked to say, something we're sure of is > wrong. > > dp > > On 2/16/16 7:02 PM, Al Varnell wrote: > > Resubmited. > > > > 87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a:319649:pg3726-images.epub > > > > -Al- > > > > On Feb 14, 2016, at 4:34 PM, Al Varnell <alvarn...@mac.com> wrote: > > > >> I attempted to submit the sample I have to > >> http://www.clamav.net/reports/fp and it was similarly rejected as "empty." > >> Scanned the file on my computer after updating definitions still shows it > >> as infected. Uploading it to VirusTotal results in only a ClamAV > >> detection: > >> <https://www.virustotal.com/en/file/87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a/analysis/1455495993/>. > >> > >> > >> _______________________________________________ > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
