Hello, Since Saturday (2018-07-28) we are seeing many reports from clamscan having found (possibly) infected files. I suspect these are false positives because checking the files on virustotal.com returns only clamav reporting them as infected.
The reported files are mostly jar files used by our applications (e.g. httpclient-*.jar, httpcore-*.jar in different versions). These are the signatures which produce most of the reports: Html.Malware.Agent-6625161-0 Html.Malware.Agent-6625163-0 Html.Malware.Agent-6625207-0 Html.Malware.Agent-6625208-0 Html.Malware.Agent-6625209-0 Html.Malware.Agent-6625345-0 Currently, we have whitelisted the above signatures. I suspect that it is an error in the database because that's the only thing that has changed since Friday. We are using clamav 0.99.4 and 0.100.0 on Linux with a daily update of the virus signatures. I have uploaded the file which generated the most reports yesterday to clamav.net and requested doublechecking if that would be a false positive. Does anybody else see such a behaviour? Any ideas of what might be the reason? Any suggestions what to do? Whitelisting all reported signatures would not be our preferred solution ... Thanks a lot, Peter Albrecht Senior Linux Administrator Wirecard Service Technologies GmbH Einsteinring 35 | 85609 Aschheim | Germany Tel: +49 (0) 89 4424-191076 https://www.wirecard.com ________________________________________________________________________________________________________ Amtsgericht München HRB Nummer 238 150 Geschäftsführer: Thomas Neef, Susanne Steidl, Yiannakis Ioannou VERTRAULICHE INFORMATIONEN! Diese E-Mail enthält vertrauliche Informationen und ist nur für den berechtigten Empfänger bestimmt. Wenn diese E-Mail nicht für Sie bestimmt ist, bitten wir Sie, diese E-Mail an uns zurückzusenden und anschließend auf Ihrem Computer und Mail-Server zu löschen. Solche E-Mails und Anlagen dürfen Sie weder nutzen, noch verarbeiten oder Dritten zugänglich machen, gleich in welcher Form. Wir danken für Ihre Kooperation! CONFIDENTIAL! This email contains confidential information and is intended for the authorized recipient only. If you are not an authorised recipient please return the email to us and then delete it from your computer and mail-server. You may neither use nor edit any such emails including attachments, nor make them accessible to third parties in any manner whatsoever. Thank you for your cooperation. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
