This is a test signature that should have never made it through. We're immediately dropping it and pushing out a new build.
On Fri, Jun 24, 2022 at 9:51 AM Maarten Broekman via clamav-users < clamav-users@lists.clamav.net> wrote: > It's 100% a bad signature and should get removed. > > I just checked the current version of the akismet plugin ( > https://wordpress.org/plugins/akismet/) from WordPress and it is detected > by this signature but by nothing else: > https://virusscan.jotti.org/en-US/filescanjob/00ecsxf7es > > https://www.virustotal.com/gui/file/8ae9cc337449fd0daa82e3f1c329689ecc4de8905244f97e401be6fe3af33704 > > A month ago, this file wasn't detected by anything. > > I came in to work to find almost 2000 hits from this signature on zip > files ranging from WordPress plugins to zipped up log directories. > > --Maarten > > On Fri, Jun 24, 2022 at 9:12 AM G.W. Haywood via clamav-users < > clamav-users@lists.clamav.net> wrote: > >> Hi there, >> >> On Fri, 24 Jun 2022, Cyrille37 wrote: >> >> > I don't understand why, but it appends this morning on already existed >> files >> > (in the wp-cli cache folder) : >> > >> > Start Date: 2022:06:24 12:15:01 >> > End Date: 2022:06:24 12:15:17 >> > /home/caf37-pt/.wp-cli/cache/core/wordpress-5.8.3-fr_FR.zip: >> > Archive.Test.Agent2-9953724-0 FOUND >> > ... >> > I could not find on the web some discussions about >> > "Archive.Test.Agent2-9953724-0" except this one >> > >> https://answers.sap.com/questions/13665326/upload-application-content-failed-malware-detected.html >> >> The signature is mentioned in this morning's automated email from the >> ClamAV signatures database update process. >> >> I suspect that you're seeing a false positive, that's always a risk >> with new or updated signatures. >> >> Perhaps you can upload one of the flagged files to e.g. Jotti's Virus >> Scan or VirusTotal to see what a few other scanners make of it. >> >> -- >> >> 73, >> Ged. >> _______________________________________________ >> >> clamav-users mailing list >> clamav-users@lists.clamav.net >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/Cisco-Talos/clamav-documentation >> >> https://docs.clamav.net/#mailing-lists-and-chat >> > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat > -- Christopher Marczewski Research Engineer, Talos Cisco Systems 443-832-2975
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
