[clamav-users] false positive sample

Daniel Quintiliani danq at runbox.com
Mon Aug 25 20:26:42 UTC 2014



On Mon, 25 Aug 2014 13:17:23 +0000, "Joel Esler (jesler)" <jesler at cisco.com> wrote:

> We’re currently working on a better way to report false positives, so hopefully we’ll see some resolution to the issue soon, but by all means, if you have FP reports, please report them via the website and we’ll take a look at the issue.
> 
> As far as reports of new malware, again, the website is the best place to send them, however, for bulk uploads, like the website says, it’s best to contact us.
> 
> Where did you send emails to us that we missed?  Maybe we’re having a server problem that I haven’t seen yet and we need to get that fixed.
> 

I most likely sent the list of MD5s (actually they were SHA256sums) as an attachment to "azidouemba-AT-sourcefire-D0T-c0m"

I've just sent the attachment to "jesler-AT-cisco-D0T-c0m"

I actually haven't had a false positive in a very long time, but lots of undetected malware which fail VirusTotal scans for all the major brands. Like I said, CRDF third-party signatures detect the malware an hour or so after you submit the files. I've also been sending them to ClamAV, no more than 2 per day, using the clamsubmit tool.

--

-Dan Q


