[clamav-users] Win.Trojan.Zwangi-432 / Osx.Exploit.CVE_2006_0848 / PHP.Shell-29

[DUCARROZ Birgit]

Tried to join the malware (an .exe file) , tried to join the email (as 
an .eml file).
For both the form does reject, saying:

" The sample is empty. This file is not detected by ClamAV. Please 
update your CVD database before reporting false-positives. If you are 
using third-party databases/unofficial signatures, please contact the 
author of the signature. We can only process false-positives generated 
by ClamAV Official signatures.
Please correct the above errors and retry."

In your form is also an URL (What is PUA?) - When klicking on the link, 
the page says "Search Results: Sorry, but you are looking for something 
that isn't here."

??

Thank you for help again..
- Birgit


On 09. 07. 14 10:26 , DUCARROZ Birgit wrote:
> oki, thank you!
> I will do this in the next few minutes.
> - Birgit
>
> On 08. 07. 14 13:28 , Joel Esler (jesler) wrote:
>>> On Jul 8, 2014, at 5:11, "DUCARROZ Birgit" 
>>> <birgit.ducarroz at unifr.ch> wrote:
>>>
>>> Platform: You mean the platform where clamav is installed, not the 
>>> platform the virus is for, just?
>> Yes.  The platform where ClamAV is.
>>
>>
>>> What do you mean I must attach with "raw message"? The output of the 
>>> virus-scan? Or the file containing the virus (or false positive)?
>> If it's an email, please attach the whole thing. If it's a malware, 
>> attach the malware.
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

-- 
Birgit Ducarroz
Unix Systems Administration
Department of Informatics
University of Fribourg Switzerland
mailto:birgit.ducarroz at unifr.ch
Phone: +41 (26) 300 8342
https://diuf.unifr.ch/people/ducarroz/