Henrik, The reference file that we have for that signature appears to contain CVE-2006-3227.
If you can share the file then use the FP reporting option < http://www.clamav.net/reports/fp> to have the signature reassessed. Thank you. On Mon, Mar 4, 2019 at 3:57 AM Al Varnell via clamav-users < clamav-users@lists.clamav.net> wrote: > It's been in the database for many years, so doubt that it's invalid, but > could still be an FP in your specific case. The signature looks like this: > > VIRUS NAME: Html.Trojan.Exploit-112 > TARGET TYPE: HTML > OFFSET: * > bc f3 e3 f2 e9 f0 f4 > [I padded the hex string with spaces to prevent this e-mail from being > detected]. > > ClamAV doesn't publish detailed information most of it's signatures. Only > the original signature writer might have it in his notes and I doubt he > still works for them. Each vendor uses it's own unique name for signatures, > so it's no wonder you weren't able to find anything, although I did find > this from Dec 2017 which appears to believe it might be a False Positive > from a Time Machine backup: < > https://forum.qnapclub.de/thread/45902-virenfund-timemachinebackup-wie-finde-ich-die-dateien-auf-dem-macbook/ > >. > > You should upload that file to <https://www.virustotal.com> to help make > your case. > > Then it should be uploaded to <http://www.clamav.net/reports/fp> so that > it get's to the ClamAV signature team for resolution. > > You may get faster results if you post the link to VirusTotal results and > a hash value for the file back here, to make it easier for all to help > resolve it. > > -Al- > > > On Mar 4, 2019, at 00:24, Henrik Hoeg Thomsen1 via clamav-users < > clamav-users@lists.clamav.net> wrote: > > > > Our Clamav scan just reported this signature to be forund in one of my > syslogarchives. > > > > Html.Trojan.Exploit-112 FOUND > > > > My best guess is that it is false-positive, as this filesystem is > totally isolated from any interactive user access. > > > > But where can i find the details behind this alert ? > > > > Google has no match on this. > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Matthew Molyett Malware Researcher mmoly...@cisco.com
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
