Mark, Thanks for the feedback, you are right, I am experiencing some high counts in the Txt.Malware.Agent family.
I’ve disabled this engine for now. -- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Nov 22, 2016, at 12:02 PM, Mark Allan <markjal...@gmail.com<mailto:markjal...@gmail.com>> wrote: Hi all, I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] containing a number of files which ClamAV incorrectly detects as various strains of Txt.Malware.Agent My experience may be slightly skewed, but it seems that the rate of FPs has increased a lot lately, and they mostly appear to be being caused by hash-based signatures. I'm wondering if this is related to Joel's recent admission that the signature generation process is almost entirely automated now. Is it possible that someone is targeting ClamAV and reporting known-clean files as if they were infected? To what end, I'm not sure, but I can't shake the feeling that something's not right... Mark _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
