The alert was a false positive, and the offending signature has been
removed.

Thanks,

-Alain

On Tue, Nov 12, 2019 at 10:35 AM Maarten Broekman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> That's a hash signature. My guess is that there's a 315 byte file inside the
> jar that was marked. The 2.4 version of fop has a 315 byte class file
> (PDFColorSpace.class) in it with a different MD5 hash. You might want to
> unpack the fop.jar and see if any of the files there match. Chances are
> some piece of malware included something similar that got included in the
> signature creation process.
>
> [daily.hsb]
> 94d13091a15154471ed3832f3c072567:315:Html.Malware.Agent-7380889-0:73
>
>
> On Tue, Nov 12, 2019 at 10:12 AM Andy Keller <andykel...@decisionlens.com>
> wrote:
>
>> Hi group –
>>
>> We’ve had a file (/opt/nessus/var/nessus/report-engine/fop.jar) hitting
>> for Html.Malware.Agent-7380889-0 since yesterday. This Apache file hasn’t
>> been updated since March 2019 and I’m tempted to say this is a false
>> positive (our Nessus server is also completely unreachable from the
>> internet), but haven’t seen any traffic on this listserv and Google hasn’t
>> helped much. Anybody have any similar hits?
>>
>> --
>> *Andy Keller*, Director, Information Security and Compliance | CISSP,
>> CCSK, Security+ | Decision Lens <http://www.decisionlens.com/>
>> andykel...@decisionlens.com
>> o: (703) 215-8282
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
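
Added example, not part of the thread and not ClamAV's own code: the check suggested above (unpack the jar and see which member matches the hash signature), done in place with Python. The jar contents, member names and the `Constructed.Test.Sig-0` signature are constructed sample data; picking the hash algorithm from the digest length is an assumption of this sketch.

```python
import hashlib
import io
import zipfile
from typing import NamedTuple, Optional

# Hash algorithm is inferred from the hex digest length (assumption of this sketch).
ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}

class HashSig(NamedTuple):
    digest: str
    size: Optional[int]        # None when the signature uses "*" (any size)
    name: str
    min_flevel: Optional[int]  # optional fourth field, e.g. 73

def parse_hash_sig(line: str) -> HashSig:
    """Parse a 'HashString:FileSize:MalwareName[:MinFL]' signature line."""
    fields = line.strip().split(":")
    if len(fields) < 3 or len(fields[0]) not in ALGOS:
        raise ValueError(f"not a hash signature: {line!r}")
    size = None if fields[1] == "*" else int(fields[1])
    flevel = int(fields[3]) if len(fields) > 3 and fields[3] else None
    return HashSig(fields[0].lower(), size, fields[2], flevel)

def matching_members(archive, sig: HashSig) -> list:
    """Return names of archive members whose size and hash match sig."""
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or (sig.size is not None and info.file_size != sig.size):
                continue  # cheap size pre-filter before hashing
            data = zf.read(info)
            if hashlib.new(ALGOS[len(sig.digest)], data).hexdigest() == sig.digest:
                hits.append(info.filename)
    return hits

def build_sample_jar() -> tuple:
    """Constructed stand-in for a jar: two 315-byte members and a manifest."""
    flagged = b"\xca\xfe\xba\xbe" + b"A" * 311   # constructed, 315 bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/Flagged.class", flagged)
        zf.writestr("org/example/SameSize.class", b"B" * 315)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    sig_line = f"{hashlib.md5(flagged).hexdigest()}:315:Constructed.Test.Sig-0:73"
    return buf, sig_line

if __name__ == "__main__":
    jar, line = build_sample_jar()
    print(matching_members(jar, parse_hash_sig(line)))
```

To check a real archive, pass its path and the signature line from the alert to `matching_members`; the member it names is the file to inspect and include in a false-positive report.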