Not sure that this is a FP.

- Alain
On Tue, Dec 5, 2017 at 2:05 AM, Al Varnell <alvarn...@mac.com> wrote:

> That said, here is some info on the signature itself.
>
> It was added to the ClamAV database on Oct 3 of this year. It appears to
> be malformed in the first subsig where the Offset and Sigmod are missing
> and the signature shown as offset:
>
> $ sigtool -fEmail.Phishing.VOF2-6336843-0|sigtool --decode-sigs
> VIRUS NAME: Email.Phishing.VOF2-6336843-0
> TDB: Engine:81-255,Target:4
> LOGICAL EXPRESSION: 1
>  * SUBSIG ID 0
>  +-> OFFSET: 436f6e74656e742d446973706f736974696f6e3a
>  +-> SIGMOD:
>  +-> DECODED SUBSIGNATURE:
>
>  * SUBSIG ID 1
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> DECODED SUBSIGNATURE:
>  +-> TRIGGER: 0
>  +-> REGEX: filename <redacted to prevent this e-mail from being judged as infected>
>  +-> CFLAGS: (null)
>
> ClamAV is the only scanner on VirusTotal that believes this file to be
> infected:
> <https://www.virustotal.com/en/file/02d9e26a11faf5a0a5fb6ce274738d9d83734d6aa78172f27c55628721ee4f79/analysis/1512451286/>.
>
> -Al-
>
> On Mon, Dec 04, 2017 at 09:19 PM, Al Varnell wrote:
> > Never include suspected malware (or unproven false positives) or links
> > thereto to this list. Upload it to <http://www.clamav.net/reports/fp>
> > and post a hash value here with an explanation as to why you suspect
> > it to be a False Positive.
> >
> > -Al-
> >
> > On Mon, Dec 04, 2017 at 08:47 PM, Walter H. wrote:
> >> see attached file/mail ...
> >>
> >> Walter
> >> <virus.g5hIXb>
> >> _______________________________________________
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
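
As an added example (not part of the thread and not ClamAV code), this Python script parses `sigtool --decode-sigs` output like the one quoted above and flags any subsignature whose OFFSET field holds hex pattern bytes rather than an offset, decoding them for inspection. The offset grammar in `OFFSET_OK` is a simplified assumption, and the sample text is reconstructed from the message with the regex left redacted.

```python
import re

# Constructed sample: abridged from the sigtool output quoted in the thread.
SAMPLE = """\
VIRUS NAME: Email.Phishing.VOF2-6336843-0
 * SUBSIG ID 0
 +-> OFFSET: 436f6e74656e742d446973706f736974696f6e3a
 +-> SIGMOD:
 +-> DECODED SUBSIGNATURE:
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> TRIGGER: 0
 +-> REGEX: filename <redacted>
"""

# Assumption: offset forms accepted as well-formed (ANY/*, n, EOF-n, EP+n, Sx+n, SEx, SL+n, VI).
OFFSET_OK = re.compile(r"^(ANY|\*|VI|SE\d+|(EOF-|EP[+-]|S\d+\+|SL\+)?\d+)(,\d+)?$")
# Four or more hex byte pairs: looks like signature content, not an offset.
HEX_RUN = re.compile(r"^(?:[0-9a-fA-F]{2}){4,}$")

def parse_subsigs(text):
    """Split decoded output into one dict of fields per subsignature."""
    subsigs, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\* SUBSIG ID (\d+)$", line)
        if m:
            cur = {"id": int(m.group(1))}
            subsigs.append(cur)
        elif cur is not None and line.startswith("+-> ") and ":" in line:
            key, _, val = line[4:].partition(":")
            cur[key.strip()] = val.strip()
    return subsigs

def suspicious_offsets(text):
    """Return (subsig id, decoded text) where OFFSET holds hex pattern bytes."""
    hits = []
    for s in parse_subsigs(text):
        off = s.get("OFFSET", "")
        if not OFFSET_OK.match(off) and HEX_RUN.match(off):
            hits.append((s["id"], bytes.fromhex(off).decode("latin-1")))
    return hits

if __name__ == "__main__":
    for sid, decoded in suspicious_offsets(SAMPLE):
        print(f"subsig {sid}: OFFSET field decodes to {decoded!r}")
```
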