If you're concerned that they may be flagging with multiple signatures, you can also test using:
clamscan --allmatch It will scan for as many signatures as possible instead of just returning the first one it finds. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Aug 7, 2018, at 7:35 AM, Joel Esler (jesler) <jes...@cisco.com<mailto:jes...@cisco.com>> wrote: Correct. Jar files are essentially zip files. Sent from my iPhone On Aug 7, 2018, at 07:00, Maarten Broekman <maarten.broek...@gmail.com<mailto:maarten.broek...@gmail.com>> wrote: JAR files can be unpacked like tarballs so it is likely that there is a common file in each that matches those hashes. Maarten Sent from a tiny keyboard On Aug 7, 2018, at 04:54, Albrecht, Peter <peter.albre...@wirecard.com<mailto:peter.albre...@wirecard.com>> wrote: Hi, I don't see how that is even remotely possibly. They are three completely different hash signatures: [daily.hsb] 9027093eab2a193081a763001e947371:4292:Html.Malware.Agent-6625344-0:73 [daily.hsb] 5591165097d53565d4e5f4e9fda8241a:7367:Html.Malware.Agent-6625164-0:73 [daily.hsb] f4116176a108054001a0e29e2ea105e6:6996:Html.Malware.Agent-6625283-0:73 You should have already submitted this file to ClamAV as a false positive, so what was it's MD5 hash? I have submitted two files which have been reported. Their MD5 sums are: 88cc3123fce88d61b7c2cdbfc33542c5 httpclient-4.3.3.jar 9221d898bfa2fa19fa9bc307351f34a1 storm-submit-tools-1.1.1.jar Strangely, they are reported with the same signature. And after whitelisting the first one, the second one is reported. And then the third ... This started about 10 days ago, nothing has been reported before that. Thanks, Peter Albrecht Senior Linux Administrator Wirecard Service Technologies GmbH Einsteinring 35 | 85609 Aschheim | Germany Tel: +49 (0) 89 4424-191076 https://www.wirecard.com ________________________________________________________________________________________________________ Amtsgericht München HRB Nummer 238 150 Geschäftsführer: Thomas Neef, Susanne Steidl, Yiannakis Ioannou VERTRAULICHE INFORMATIONEN! Diese E-Mail enthält vertrauliche Informationen und ist nur für den berechtigten Empfänger bestimmt. Wenn diese E-Mail nicht für Sie bestimmt ist, bitten wir Sie, diese E-Mail an uns zurückzusenden und anschließend auf Ihrem Computer und Mail-Server zu löschen. Solche E-Mails und Anlagen dürfen Sie weder nutzen, noch verarbeiten oder Dritten zugänglich machen, gleich in welcher Form. Wir danken für Ihre Kooperation! CONFIDENTIAL! This email contains confidential information and is intended for the authorized recipient only. If you are not an authorised recipient please return the email to us and then delete it from your computer and mail-server. You may neither use nor edit any such emails including attachments, nor make them accessible to third parties in any manner whatsoever. Thank you for your cooperation. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
