Hi Dan! Thank you for bringing this to our attention. From a quick check of some of the samples alerting with this signature it does seem like it could be causing FPs. The signature will be dropped for now.
Best regards,
Lilia Gonzalez
Malware Research Team
Cisco Talos

On Fri, Sep 10, 2021 at 12:44 PM <eric-l...@truenet.com> wrote:

> Dan,
>
> You can use sigtool:
>
> #sigtool --find-sigs Pdf.Phishing.CWS4c384287-9890237-0 | sigtool --decode-sigs
>
> Looks like a cmap definition so a definition of character sets to Unicode.
>
> Could definitely be a false positive, send samples to
> https://www.clamav.net/reports/fp
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
> *From:* clamav-users <clamav-users-boun...@lists.clamav.net> *On Behalf Of* Dan Jaap via clamav-users
> *Sent:* Friday, September 10, 2021 12:31 PM
> *To:* clamav-users@lists.clamav.net
> *Cc:* Dan Jaap <dj...@flclerks.com>
> *Subject:* [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0
>
> Can someone explain what the classification
> “Pdf.Phishing.CWS4c384287-9890237-0” means? I assume it has something to
> do with a link found in a document. However, we’ve had several of these
> lately and I can’t see anything wrong with the documents. We’re using
> clamav with OPSWAT Metadefender, integrated into a Web site. Each document
> that is uploaded is scanned by the platform and clamav is the only engine
> finding problems with the documents in question. I have already submitted
> a sample document as a false positive, but have not heard back yet. I was
> hoping to get more info here as to what “Pdf.Phishing.CWS4c384287-9890237-0”
> means.
>
> Here are some details for our clamav environment:
>
> VERSION
> 0.102.4-810
>
> DATABASE VERSION
> 1631145600
>
> DEFINITION UPDATES
> Up to date (up to date )
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
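An added example, not part of the original thread and not ClamAV project code: until a database update drops the signature, it can be suppressed locally by listing its name in a `.ign2` file in the ClamAV database directory, alongside the inspect command quoted above. The database path, the file name `local-fp.ign2` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: inspect one ClamAV signature and ignore it locally.
# Assumptions: the database directory is passed in by the caller and the
# ignore file is called local-fp.ign2 (any *.ign2 name in that directory works).

SIG_NAME='Pdf.Phishing.CWS4c384287-9890237-0'   # signature named in this thread

# show_signature NAME
# The inspect step quoted in the thread: locate the signature, then decode it.
show_signature() {
    sigtool --find-sigs "$1" | sigtool --decode-sigs
}

# ignore_signature NAME DB_DIR
# Appends NAME to DB_DIR/local-fp.ign2 unless it is already listed.
# Returns 0 on success or no-op, 2 for a malformed name, 3 if DB_DIR is missing.
ignore_signature() {
    name=$1
    db_dir=$2
    ign_file="$db_dir/local-fp.ign2"

    # Accept only letters, digits, dot, dash and underscore, so a pasted
    # string cannot carry whitespace or a second entry into the file.
    case $name in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing malformed signature name" >&2
            return 2 ;;
    esac

    [ -d "$db_dir" ] || { echo "no such database dir: $db_dir" >&2; return 3; }

    # -x matches the whole line, -F treats the name as a fixed string,
    # so the dots in the name are not regex wildcards.
    if [ -f "$ign_file" ] && grep -qxF -- "$name" "$ign_file"; then
        return 0
    fi
    printf '%s\n' "$name" >> "$ign_file"
}

# Run as: script.sh --apply /path/to/clamav/db   (path is site-specific)
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    show_signature "$SIG_NAME" || true
    ignore_signature "$SIG_NAME" "$2"
fi
```

The scanner has to reload its database before the ignore entry takes effect, and the entry should be removed once the updated database no longer carries the signature.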