Although most, if not all the Win.Trojan.Toa old signatures were either dropped by Daily - 22782, I see it also added Win.Trojan.Toa-5368540-0, so that would appear to be a new issue.
-Al- On Mon, Dec 26, 2016 at 05:24 PM, Christian Balzer wrote: > > Hello, > > On Mon, 26 Dec 2016 19:21:25 -0000 Steve Basford wrote: > >> >> On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote: >>> In keeping with the other false positive reports I have more than 400 >>> CentOS servers report below after yesterday's freshclam update: >> >> Yes, nashorn.jar seems to get hit too... >> >> eg: >> >> fp2\11476331d01: Win.Trojan.Toa-5372078-0 >> fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0 >> fp2\3A627716d01: Win.Trojan.Toa-5372078-0 >> fp2\firefox-hot...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0 >> fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0 >> fp2\nashorn.jar: Win.Trojan.Toa-5370166-0 >> fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0 >> >> and the earlier reported FP's are still there: >> >> fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0 >> fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0 >> fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0 >> fp\l...@mozilla.org.xpi: Win.Trojan.Toa-5370166-0 >> fp\omni.ja: Win.Trojan.Toa-5370166-0 >> fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0 >> fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0 >> >> etc. >> >> IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing done >> in full after holidays. >> > I can only second that. > And add Win.Trojan.Toa-5368540-0 to the list of FPs. > > At this rate the previous bit about "Clamscan becoming its own worst > enemy." can not be underestimated. > This is the 2nd, VERY visible FP avalanche in so many months and since it > affects a lot of people here including internal business mails. > Reflecting badly on all OSS projects and SW. > > Christian > >> As the issues go on... >> >> https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061 >> >> https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
