[clamav-users] Win.Worm.Chir-553 False Positive
Al Varnell
alvarnell at mac.com
Wed Jul 16 00:27:20 UTC 2014
I’ve now discovered another FP, this time for Win.Worm.Chir-551 and I’ve uploaded it to you. Again, it’s from the same OS X provided Python framework. I get similar results in checking Python 2.7.
File Name: wininst-9.0.exe
MD5: 8aa98031128ef0c81d34207e3c60d003
VirusTotal comment:
<https://www.virustotal.com/en/file/52def964142be6891054d2f95256a3b05d66887964fcd66b34abfe32477e8965/analysis/1405469450/>
Signature: 425c19aef183b3d3db4a00e05cf46e73
-Al-
-Original Message-
I’ve just uploaded a component of every version OS X since at least 2010 that is included with Python and will undoubtedly be found by a lot of folks very soon.
File Name: wininst-8.0.exe
MD5: ed0fde686788caec4f2cb1ec9c31680c
VirusTotal comments would also indicate an FP
<https://www.virustotal.com/en/file/e362670f93cdd952335b1a41e5529f184f2022ea4d41817a9781b150b062511c/analysis/1405462000/>
Since the signature for this file is ee35353fd80f8e2447095b753732dbca, I guess I’m a bit confused as to why id doesn’t match the file MD5.
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
More information about the clamav-users
mailing list