That's a hash signature. My guess is that there's a 315 byte file inside the jar that was marked. The 2.4 version of fop has a 315 byte class file (PDFColorSpace.class) in it with a different MD5 hash. You might want to unpack the fop.jar and see if any of the files there match. Chances are some piece of malware included something similar that got included in the signature creation process.

[daily.hsb] 94d13091a15154471ed3832f3c072567:315:Html.Malware.Agent-7380889-0:73

On Tue, Nov 12, 2019 at 10:12 AM Andy Keller <andykel...@decisionlens.com> wrote:

> Hi group –
>
> We’ve had a file (/opt/nessus/var/nessus/report-engine/fop.jar) hitting
> for Html.Malware.Agent-7380889-0 since yesterday. This Apache file hasn’t
> been updated since March 2019 and I’m tempted to say this is a false
> positive (our Nessus server is also completely unreachable from the
> internet), but haven’t seen any traffic on this listserv and Google hasn’t
> helped much. Anybody have any similar hits?
>
> --
>
> Andy Keller
> Director, Information Security and Compliance | CISSP,
> CCSK, Security+ | Decision Lens
> <http://www.decisionlens.com/>
> andykel...@decisionlens.com
>
> o: (703) 215-8282
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
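
The check suggested in the reply above, as an added example that is not part of the original thread and is not ClamAV's own code: parse the hash-signature line and list which members of a jar match it on size and hash, and which match on size only. The function names and the in-memory jar are constructed for illustration, and nested archives are not unpacked.

```python
import hashlib
import io
import zipfile

# ClamAV hash signatures imply the algorithm by hex digest length.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_hash_sig(line):
    """Parse 'Hash:Size:Name[:FLEVEL]', with an optional '[db] ' prefix."""
    line = line.strip()
    if line.startswith("["):
        line = line.split("]", 1)[1].strip()
    fields = line.split(":")
    if len(fields) < 3 or len(fields[0]) not in ALGO_BY_HEXLEN:
        raise ValueError("not a hash signature: %r" % line)
    size = None if fields[1] == "*" else int(fields[1])  # '*' = any size
    return {"algo": ALGO_BY_HEXLEN[len(fields[0])],
            "digest": fields[0].lower(), "size": size, "name": fields[2]}

def scan_jar(jar, sig):
    """Return (exact_matches, same_size_only) member names for one signature."""
    matches, same_size = [], []
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if sig["size"] is not None and info.file_size != sig["size"]:
                continue  # cheap size filter before hashing
            digest = hashlib.new(sig["algo"], zf.read(info)).hexdigest()
            if digest == sig["digest"]:
                matches.append(info.filename)
            elif sig["size"] is not None:
                same_size.append(info.filename)  # right size, different content
    return matches, same_size

if __name__ == "__main__":
    # Signature line as quoted in the thread.
    sig = parse_hash_sig("[daily.hsb] 94d13091a15154471ed3832f3c072567:315:"
                         "Html.Malware.Agent-7380889-0:73")
    # Constructed stand-in for fop.jar: one 315-byte member, one larger one.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/Small.class", b"\x00" * 315)
        zf.writestr("org/example/Large.class", b"\x00" * 4096)
    buf.seek(0)
    exact, near = scan_jar(buf, sig)
    print("signature:", sig["name"], sig["algo"], sig["size"])
    print("exact hash matches:", exact)
    print("same size, different hash:", near)
```

On a real host, pass the path of the flagged jar to `scan_jar` instead of the in-memory buffer; an exact match names the member that triggered the detection.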