The offending signature will be dropped in the next daily.cvd. Until then, I'd suggest adding it to your local ignore database (.ign2). See https://www.clamav.net/documents/whitelist-databases for more information.
Thanks, demonduck On Wed, Feb 5, 2020 at 9:13 AM Maarten Broekman via clamav-users < clamav-users@lists.clamav.net> wrote: > This signature is hitting false positives. It seems to be a relatively old > signature, but the subsignatures seem to be rather generic so it's > difficult to know why this is supposed to be malicious. > > VIRUS NAME: Doc.Downloader.Emotet-7196349-0 > TDB: Engine:51-255,Target:2 > LOGICAL EXPRESSION: 0&1&2&3&4 > * SUBSIG ID 0 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > Bedfordshire > * SUBSIG ID 1 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > Buckinghamshire > * SUBSIG ID 2 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > Cambridgeshire > * SUBSIG ID 3 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > Fantastic > * SUBSIG ID 4 > +-> OFFSET: ANY > +-> SIGMOD: NONE > +-> DECODED SUBSIGNATURE: > Gorgeous > > False positive VT scan: > https://www.virustotal.com/gui/file/f5d047b2e88f2ebf7beb2593d877c7b9bd7b25d7c28fde0ca8540e96104556f1/detection > > MD5: 6e038caa6be70e02533b0a3c6c223b7d:3536896 > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
