[clamav-users] Win.Worm.Chir-553 False Positive

Alain Zidouemba azidouemba at sourcefire.com
Wed Jul 16 10:33:29 EDT 2014


Al,

Thank you for reporting these. The FPs have been handled.

- Alain


On Tue, Jul 15, 2014 at 8:27 PM, Al Varnell <alvarnell at mac.com> wrote:

> I’ve now discovered another FP, this time for Win.Worm.Chir-551 and I’ve
> uploaded it to you.  Again, it’s from the same OS X provided Python
> framework. I get similar results in checking Python 2.7.
>
> File Name: wininst-9.0.exe
> MD5: 8aa98031128ef0c81d34207e3c60d003
>
> VirusTotal comment:
> <https://www.virustotal.com/en/file/52def964142be6891054d2f95256a3b05d66887964fcd66b34abfe32477e8965/analysis/1405469450/>
>
> Signature: 425c19aef183b3d3db4a00e05cf46e73
>
> -Al-
>
> -Original Message-
>
> I’ve just uploaded a component of every version of OS X since at least 2010
> that is included with Python and will undoubtedly be found by a lot of
> folks very soon.
>
> File Name: wininst-8.0.exe
> MD5: ed0fde686788caec4f2cb1ec9c31680c
>
> VirusTotal comments would also indicate an FP
> <https://www.virustotal.com/en/file/e362670f93cdd952335b1a41e5529f184f2022ea4d41817a9781b150b062511c/analysis/1405462000/>
>
> Since the signature for this file is ee35353fd80f8e2447095b753732dbca, I
> guess I’m a bit confused as to why it doesn’t match the file MD5.
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>


