I don't see how that is even remotely possibly. They are three completely different hash signatures:
[daily.hsb] 9027093eab2a193081a763001e947371:4292:Html.Malware.Agent-6625344-0:73 [daily.hsb] 5591165097d53565d4e5f4e9fda8241a:7367:Html.Malware.Agent-6625164-0:73 [daily.hsb] f4116176a108054001a0e29e2ea105e6:6996:Html.Malware.Agent-6625283-0:73 You should have already submitted this file to ClamAV as a false positive, so what was it's MD5 hash? -Al- On Tue, Aug 07, 2018 at 12:20 AM, Albrecht, Peter wrote: > Hi, > > We have whitelisted certain signatures for files which are only detected by > ClamAV to be potentially malicious. And now we face the problem that the > same files are reported again, but with a different signature. I already had > this behaviour when I tested with the EICAR test virus. > > The signatures in question are now: > > Html.Malware.Agent-6625344-0 (whitelisted already) > Html.Malware.Agent-6625164-0 (new signature for the same files) > > After whitelisting the latter one, ClamAV comes again with a new signature: > > Html.Malware.Agent-6625283-0 > > It looks like there are multiple signatures defined for the same file. What > would you need from me to investigate further? > > We are using ClamAV 0.99.4 on Linux. The virus signatures are updated > directly before running clamscan. > > Regards, > > Peter > > Peter Albrecht
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
