Hello ClamAV-Team,
thank you that you have evaluated the reported file again, as it has
been announced in your email reply to the false positive report.
During the last security scan it has been marked as
Pdf.Malware.Agent-9892145-0, as it is now on virustotal.com, see [1].
The relations tab on virustotal shows that the following URL has been
contacted:
https://ardownload3.adobe.com/pub/adobe/reader/win/AcrobatDC/2100520060/AcroRdrDCUpd2100520060_MUI.msp
<https://www.virustotal.com/gui/url/7c4e67e54d907af04cc1d8acaa55d85a4a9576e6bb3bb7a8f593b805ee6853ae>
This URL seems point to the last Acrobat Reader download that includes a
security patch. No security vendors flagged this URL as malicious, see [2].
There are questions that we have at the moment. What is the best way to
explain to external partners why the file is a threat and what concrete
harm it can cause?
It would be really great if you could give us a hint to answer those
questions.
With best regards,
Andreas
[1]:
https://www.virustotal.com/gui/file/d35e58f4654ce1c72c76693b8b3d29132bc7e5d9ed3219e0c16d1cbb309235a4/
[2]:
https://www.virustotal.com/gui/url/7c4e67e54d907af04cc1d8acaa55d85a4a9576e6bb3bb7a8f593b805ee6853ae/detection
--
--
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
