[clamav-users] Win.Worm.Chir-553 False Positive

Al Varnell alvarnell at mac.com
Tue Jul 15 20:27:20 EDT 2014


I’ve now discovered another FP, this time for Win.Worm.Chir-551 and I’ve uploaded it to you.  Again, it’s from the same OS X provided Python framework. I get similar results in checking Python 2.7.

File Name: wininst-9.0.exe
MD5: 8aa98031128ef0c81d34207e3c60d003

VirusTotal comment:
<https://www.virustotal.com/en/file/52def964142be6891054d2f95256a3b05d66887964fcd66b34abfe32477e8965/analysis/1405469450/>

Signature: 425c19aef183b3d3db4a00e05cf46e73

-Al-

-Original Message-

I’ve just uploaded a component of every version OS X since at least 2010 that is included with Python and will undoubtedly be found by a lot of folks very soon.

File Name: wininst-8.0.exe
MD5: ed0fde686788caec4f2cb1ec9c31680c

VirusTotal comments would also indicate an FP
<https://www.virustotal.com/en/file/e362670f93cdd952335b1a41e5529f184f2022ea4d41817a9781b150b062511c/analysis/1405462000/>

Since the signature for this file is ee35353fd80f8e2447095b753732dbca, I guess I’m a bit confused as to why id doesn’t match the file MD5.


-Al-
-- 
Al Varnell
Mountain View, CA




_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml



More information about the clamav-users mailing list