It's been in the database for many years, so doubt that it's invalid, but could still be an FP in your specific case. The signature looks like this:
VIRUS NAME: Html.Trojan.Exploit-112 TARGET TYPE: HTML OFFSET: * bc f3 e3 f2 e9 f0 f4 [I padded the hex string with spaces to prevent this e-mail from being detected]. ClamAV doesn't publish detailed information most of it's signatures. Only the original signature writer might have it in his notes and I doubt he still works for them. Each vendor uses it's own unique name for signatures, so it's no wonder you weren't able to find anything, although I did find this from Dec 2017 which appears to believe it might be a False Positive from a Time Machine backup: <https://forum.qnapclub.de/thread/45902-virenfund-timemachinebackup-wie-finde-ich-die-dateien-auf-dem-macbook/>. You should upload that file to <https://www.virustotal.com> to help make your case. Then it should be uploaded to <http://www.clamav.net/reports/fp> so that it get's to the ClamAV signature team for resolution. You may get faster results if you post the link to VirusTotal results and a hash value for the file back here, to make it easier for all to help resolve it. -Al- > On Mar 4, 2019, at 00:24, Henrik Hoeg Thomsen1 via clamav-users > <clamav-users@lists.clamav.net> wrote: > > Our Clamav scan just reported this signature to be forund in one of my > syslogarchives. > > Html.Trojan.Exploit-112 FOUND > > My best guess is that it is false-positive, as this filesystem is totally > isolated from any interactive user access. > > But where can i find the details behind this alert ? > > Google has no match on this.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
