The signature needs a little tweaking, and will be revised. Revision 0 (Txt.Coinminer.Generic-7132166-0) has been dropped and this will be reflected in the next signature update.
- Alain

On Tue, Aug 27, 2019 at 11:25 AM Brian Cole via clamav-users <clamav-users@lists.clamav.net> wrote:

> Has anyone else seen a false positive from ClamAV, as a result of the August 24 signature update when the signature Txt.Coinminer.Generic-7132166-0 was added?
>
> Specifically, we are seeing ClamAV think that CoinMiner virus exists in a cleartext file on Linux, even though CoinMiner is an executable virus attacking Windows. The file causing the false positive is the /var/log/sid_changes.log file, which is the text log file written by PulledPork when it updates Snort IDS signatures. I would imagine anyone running Snort, PulledPork and ClamAV on the same Linux machine would see this false positive.
>
> I submitted a false positive to ClamAV yesterday, but it may be that whatever pattern that virus signature is looking for is too simplistic.
>
> …Brian
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml