Using clamav.0.99.3 to scan the latest Firefox ESR (52.6.0), and using various extra signatures from Sane Security, I get:
firefox-52.6.0-esr-32.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND firefox-52.6.0-esr-64.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND I get the same with Thunderbird (52.6.0): thunderbird-52.6.0-esr-32.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND thunderbird-52.6.0-esr-64.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND I *think* that this signature flags *all* zipped JS files, and (IIRC) both Firefox and Thunderbird have JS-containing JAR files. I hope that is all it is. P.S. My download script cleans up the filenames to make them easier to understand and also removes spaces, which make the filenames awkward as command line arguments. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
