Build 26583 for daily.cvd is ready for use. We're also taking additional steps and safety measures to ensure experimental signatures are not eligible for additions to any published CVD.

On Fri, Jun 24, 2022 at 10:36 AM Christopher Marczewski <cmarczew...@sourcefire.com> wrote:

> This is a test signature that should have never made it through. We're
> immediately dropping it and pushing out a new build.
>
> On Fri, Jun 24, 2022 at 9:51 AM Maarten Broekman via clamav-users
> <clamav-users@lists.clamav.net> wrote:
>
>> It's 100% a bad signature and should get removed.
>>
>> I just checked the current version of the akismet plugin
>> (https://wordpress.org/plugins/akismet/) from WordPress and it is
>> detected by this signature but by nothing else:
>> https://virusscan.jotti.org/en-US/filescanjob/00ecsxf7es
>>
>> https://www.virustotal.com/gui/file/8ae9cc337449fd0daa82e3f1c329689ecc4de8905244f97e401be6fe3af33704
>>
>> A month ago, this file wasn't detected by anything.
>>
>> I came in to work to find almost 2000 hits from this signature on zip
>> files ranging from WordPress plugins to zipped up log directories.
>>
>> --Maarten
>>
>> On Fri, Jun 24, 2022 at 9:12 AM G.W. Haywood via clamav-users
>> <clamav-users@lists.clamav.net> wrote:
>>
>>> Hi there,
>>>
>>> On Fri, 24 Jun 2022, Cyrille37 wrote:
>>>
>>> > I don't understand why, but it happens this morning on already
>>> > existing files (in the wp-cli cache folder):
>>> >
>>> > Start Date: 2022:06:24 12:15:01
>>> > End Date: 2022:06:24 12:15:17
>>> > /home/caf37-pt/.wp-cli/cache/core/wordpress-5.8.3-fr_FR.zip:
>>> > Archive.Test.Agent2-9953724-0 FOUND
>>> > ...
>>> > I could not find on the web some discussions about
>>> > "Archive.Test.Agent2-9953724-0" except this one
>>> > https://answers.sap.com/questions/13665326/upload-application-content-failed-malware-detected.html
>>>
>>> The signature is mentioned in this morning's automated email from the
>>> ClamAV signatures database update process.
>>>
>>> I suspect that you're seeing a false positive, that's always a risk
>>> with new or updated signatures.
>>>
>>> Perhaps you can upload one of the flagged files to e.g. Jotti's Virus
>>> Scan or VirusTotal to see what a few other scanners make of it.
>>>
>>> --
>>>
>>> 73,
>>> Ged.
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/Cisco-Talos/clamav-documentation
>>>
>>> https://docs.clamav.net/#mailing-lists-and-chat
>>>
>
> --
> Christopher Marczewski
> Research Engineer, Talos
> Cisco Systems
> 443-832-2975

--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975