That alert caused by Win.Trojan.DarkKomet-5711346-0 is an FP. The signature is being dropped.
Thanks for reporting,

- Alain

On Thu, Feb 16, 2017 at 3:17 PM, Mark Foley <mfo...@novatec-inc.com> wrote:

> I am running a scheduled clamscan on the IMAP mail folders. The command is:
>
> /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \
> --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/
>
> This scan turns up the following:
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: Win.Trojan.DarkKomet-5711346-0 FOUND
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL: SEC_deficiency_letter_to_Timbervest.pdf: Win.Trojan.DarkKomet-5711346-0 FOUND
>
> This email has 4 .pdf attachments. When I run clamscan manually on any of
> them I get no infections:
>
> $ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ Distribution.pdf
> 2011.06.08 Notification of Distribution.pdf: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 5832752
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.41 MB
> Data read: 0.08 MB (ratio 5.20:1)
> Time: 5.877 sec (0 m 5 s)
>
> Why? This is making it difficult to determine if there is an actual
> problem.
>
> This email is also from 2013, so unlikely it suddenly became infected. I'm
> assuming a new signature was added. This "malware" (?) started being
> reported February 1st.
>
> I run freshclam twice a day.
>
> Thanks --Mark
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml