Nice responses, here is the hash
f9933dfc18107383b4093206daba283d106f86acb6284c92632f5a43143040c6

I provided the file in question to F-Secure, Microsoft and Sophos labs for manual review and they returned no threat.

Odd that Microsoft still reports threat on Virustotal, my guess is that is due to autodetection.
https://www.virustotal.com/gui/file/f9933dfc18107383b4093206daba283d106f86acb6284c92632f5a43143040c6/detection

Look forward to your thoughts.

Thanks,
Doug

On Tue, Dec 10, 2019 at 11:33 AM Eric Tykwinski <eric-l...@truenet.com> wrote:

> Found an article on it:
>
> https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/
>
> *From:* clamav-users [mailto:clamav-users-boun...@lists.clamav.net] *On Behalf Of *Al Varnell via clamav-users
> *Sent:* Tuesday, December 10, 2019 11:25 AM
> *To:* ClamAV users ML
> *Cc:* Al Varnell
> *Subject:* Re: [clamav-users] Elmedia Player.app detection
>
> That signature has been in the database since Oct 20, 2017 and is a hash signature, so there's little chance of it being an FP.
>
> [daily.hsb]
> 17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73
>
> -Al-
> ClamXAV User
>
> On Tue, Dec 10, 2019 at 06:02 AM, Douglas Stinnette wrote:
>
> Seems to me that this is a false positive.
> /Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player Osx.Trojan.Proton-6352635-0 FOUND
>
> I sent a copy of the file to other vendors to double check it and they reported it was not malware.
>
> I have submitted false positives to ClamAV before and never received an update on them:
> https://www.clamav.net/reports/fp
>
> What do others do when they get ClamAV false positives?
> Thanks,
> Doug
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
Doug Stinnette
VCU Technology Services
Endpoint Security Specialist
Virginia Commonwealth University
827-0933

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
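The quoted reply cites a `daily.hsb` hash signature; as an added example (not from the thread or from the ClamAV project), this Python code parses that line format and checks whether a file's bytes match it on both size and digest. It assumes the colon-separated layout hash:size:name with an optional fourth minimum-functionality-level field and a hash type inferred from digest length; `parse_hash_sig`, `matches`, `make_sig` and the sample bytes are hypothetical names and constructed data.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Assumption: hash type is inferred from the hex digest length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Signature line exactly as quoted in the thread.
THREAD_SIG = "17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73"

@dataclass(frozen=True)
class HashSig:
    algo: str
    digest: str
    size: Optional[int]        # None when the size field is "*"
    name: str
    min_flevel: Optional[int]  # optional fourth field

def parse_hash_sig(line: str) -> HashSig:
    """Parse 'HashString:FileSize:MalwareName[:MinFL]' (hypothetical helper)."""
    fields = line.strip().split(":")
    if len(fields) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields, got {len(fields)}")
    digest = fields[0].lower()
    algo = ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("hash field is not an MD5/SHA1/SHA256 hex digest")
    size = None if fields[1] == "*" else int(fields[1])
    min_fl = int(fields[3]) if len(fields) == 4 else None
    return HashSig(algo, digest, size, fields[2], min_fl)

def matches(sig: HashSig, data: bytes) -> bool:
    """True only if the whole file's size and digest both equal the signature's."""
    if sig.size is not None and len(data) != sig.size:
        return False
    return hashlib.new(sig.algo, data).hexdigest() == sig.digest

def make_sig(data: bytes, name: str) -> str:
    """Build a signature line for given bytes (used for the constructed sample)."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}:73"

if __name__ == "__main__":
    sig = parse_hash_sig(THREAD_SIG)
    print(sig)
    sample = b"constructed sample bytes, not the Elmedia Player binary\n"
    own = parse_hash_sig(make_sig(sample, "Constructed.Sample-0"))
    print(matches(own, sample), matches(own, sample + b"\0"), matches(sig, sample))
```

The signature's first field is 32 hex characters (MD5) while the hash posted in the message is 64 (SHA-256), so the two strings cannot be compared directly; the file itself has to be hashed with the signature's algorithm.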