Re: [clamav-users] Massive amount of false positives on Html.Trojan.Iframe-6390207-0 / Html.Trojan.Iframe-6390207-0

Wed, 06 Dec 2017 09:04:27 -0800 

Thanks for reporting this FP Maarten. We are in the process of fixing this
and will replace this signature.

- Alain

On Wed, Dec 6, 2017 at 11:54 AM, Maarten Broekman <
maarten.broek...@gmail.com> wrote:

> VIRUS NAME: Html.Trojan.Iframe-6390207-0
> TDB: Engine:51-255,FileSize:16384-65536,Target:3
> LOGICAL EXPRESSION: 0
>  * SUBSIG ID 0
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> DECODED SUBSIGNATURE:
> ><img src="images/pixel_trans.gif" border="0" alt="" width="100%
>
> Question: how is that even something to be 'suspicious' of? There is zero
> context around it let alone match on an iframe tag.
>
> Similarly:
> VIRUS NAME: Html.Trojan.Hidelink-6390190-0
> TDB: Engine:51-255,FileSize:16384-65536,Target:0
> LOGICAL EXPRESSION: 0
>  * SUBSIG ID 0
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> DECODED SUBSIGNATURE:
> <![CDATA[ */
> var dropdown = document.getElementById("cat");
> fu
>
> This seems like a common technique for generating dropdown menus for in CMS
> applications.
>
> Maarten
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to