I found I am in similar situation, the files are generated during compile. clamav complains
/tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.ea06.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.bin-le.cpio: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.mbox.base64: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.sis: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.ea05.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam_IScab_int.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam_IScab_ext.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-yc.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam_cache_emax.tgz: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.tar.gz: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.iso: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.cab: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clamjol.iso: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-pespin.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.szdd: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.newc.cpio: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-upx.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam_ISmsi_ext.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam_ISmsi_int.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.bz2.zip: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.ppt: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-nsis.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-aspack.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.2010.one: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-wwpack.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-mew.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.binhex: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.mbox.uu: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.bz2: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-fsg.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.mail: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.chm: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.odc.cpio: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.impl.zip: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.arj: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.rtf: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-upack.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.tnef: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.ole.doc: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.pdf: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam-petite.exe: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.2007.one: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.d64.zip: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.bin-be.cpio: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.html: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe.webapp-export.one: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.exe_and_mail.tar.gz: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.zip: Clamav.Test.File-6 FOUND /tmp/clamav-1.4.2/build/unit_tests/input/clamav_hdb_scanfiles/clam.7z: Clamav.Test.File-6 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 8706061 Engine version: 1.4.2 Scanned directories: 0 Scanned files: 1619 Infected files: 50 Data scanned: 232.40 MB Data read: 2501.85 MB (ratio 0.09:1) Time: 88.755 sec (1 m 28 s) Start Date: 2025:03:27 01:10:21 End Date: 2025:03:27 01:11:50 ----- My mailbox is almost full, please don't send pictures or big files to me. -- Yang, Chengfu Linux Administrator, RTX account DXC Technology T. +1.450.677.9411 ext. 75846 W. +1 289-785-6177 cyan...@dxc.com dxc.com --------- Master say we are just visitors of the earth. Be Safe, Be healthy and Be joyful ________________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Jonathan Lee via clamav-users <clamav-users@lists.clamav.net> Sent: Thursday, March 27, 2025 10:47:14 AM To: ClamAV users ML Cc: Jonathan Lee; ClamAV users ML Subject: Re: [clamav-users] False Positive Report Do you mind explaining or expanding on what these two products do in terms of functionality they could in turn be marked block because they are being abused on a proxy system for example they’re staging and or using that product to abuse a proxy and pivot off of it thus clam antivirus is blocking it Sent from my iPhone > On Mar 27, 2025, at 01:57, N.Sakai via clamav-users > <clamav-users@lists.clamav.net> wrote: > > Hello madam and sir, > > We found some files which were detected as "Win.Malware.Tedy-10043541-0" > included > In the signature "Daily.cvd:27583" released on 21 March 2025, on some servers > (Linux, AIX,Windows) that have ClamAV installed. > > We checked to see what they were, because two files of the same malware were > detected. > They are launcher programs provided by IBM, and two Windows executive > programs named as "ScriptLauncher64.exe" and "launchpad64.exe" > > The hash values of each are as follows: > a58caf03eaa7fa003e2d020025b5bd95490a1fccc1f5ee7409b37fe6c7e11b220f39513cdf45501402ad9d6158a312e487f43043f10fc452a9fc3100723234fd > ScriptLauncher64.exe > 58caf03eaa7fa003e2d020025b5bd95490a1fccc1f5ee7409b37fe6c7e11b220f39513cdf45501402ad9d6158a312e487f43043f10fc452a9fc3100723234fd > launchpad64.exe > > Since these are old programs released in 2017 and 2016 respectively, and are > deemed safe by multiple other antivirus software, we believe that there is a > high possibility that they are false positive. > > I also submitted a sample from the "False Positive Report" linked from : > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.clamav.net%2Fcontact&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740712078%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=k2tWSKO%2BLgHtj2L1gqq9kdOmxTZ4%2BEZja5NRniQvriE%3D&reserved=0、 > but I did not receive any response the email address which I entered in the > form, so we do not know if it was received by you properly. > > The form also said, "Refer to [clamav-virusdb] for updates," so we looked up > the email archive, but the updates from the past few days did not contain any > content I am looking for. (If a false positive is addressed, will it be > listed in "Dropped Detection Signatures:" ?) > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-users&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740751465%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pN7J1BQecBR%2Bfd6dMW4qiyNWn2sMPXFnGuBpi3qlIbY%3D&reserved=0 > > > Help us build a comprehensive ClamAV guide: > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCisco-Talos%2Fclamav-documentation&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740767470%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Wc17%2FwF6kwvNfIwAqWp9kmnjBlkcAvt%2BYTE%2Fi5WpGlo%3D&reserved=0 > > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.clamav.net%2F%23mailing-lists-and-chat&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740781244%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=n9ueGjR4usuKl2q6lXFcNB3ArO1YWd9C6%2BxgpR48JhU%3D&reserved=0 _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-users&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740795118%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=hwmqATwTh3mFt2UlHc5lKslIJ0f7%2Fm7foHN214yOPxc%3D&reserved=0 Help us build a comprehensive ClamAV guide: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FCisco-Talos%2Fclamav-documentation&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740812611%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=yRroUxbattlaD1nOMRj4x%2BjDhv5Hk79UHb8Tx3nTTjY%3D&reserved=0 https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.clamav.net%2F%23mailing-lists-and-chat&data=05%7C02%7Ccyang53%40dxc.com%7C4ded167d65f74f98089f08dd6d3e594e%7C93f33571550f43cfb09fcd331338d086%7C0%7C0%7C638786836740831852%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dC0YZpGYXQlxmhX416eMUwo7KQvocwjNnL%2Brj65IHos%3D&reserved=0 _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
