[clamav-users] FP-Report: Email.Trojan-417

Al Varnell alvarnell at mac.com
Tue May 13 07:45:29 UTC 2014


Julian,

Looking at the signature, I see your point, but it must also contain:

> Content-Transfer-Encoding: base64
> Content-Disposition: attachment

That would seem to be a given for almost any attachment, as well.  I have no idea what the actual sample was, but there must be something much more unique that could have been used.

Looks to have been added to the database on 2012-12-13 (daily: 15772).


-Al-


On Tue, May 13, 2014 at 12:27 AM, Julian Hansmann wrote:
> 
> Dear ClamAV-Users and Developers,
> 
> some time ago I reported a FP on the homepage on ClamAV. Unfortunately
> I haven't received a response nor has the signature in question been
> removed from the official database. So I'd like to ask what else can I
> do to get this fixed?
> 
> This is the FP in question:
> 
> Regardless of its content (even if it's empty) a mail which has a file
> with the suffix ".JPG.zip" (case sensitive) attached will be detected
> as "Email.Trojan-417".
> 
> Since this can be easily reproduced I won't include a sample to avoid
> further FPs.
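
Added example, not part of the original thread and not ClamAV's actual signature: a Python model of the three conditions named above (base64 transfer encoding, attachment disposition, a filename ending in ".JPG.zip"), run over constructed benign mails to show that the match never depends on the payload. The function names, addresses and sample mails are assumptions made for illustration.

```python
"""Model of the header-only conditions described in this thread (illustrative)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

SUFFIX = ".JPG.zip"  # suffix from the report; compared case-sensitively


def build_mail(filename: str, body: str = "", payload: bytes = b"") -> bytes:
    """Construct a benign test mail with one attachment (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "test"
    msg.set_content(body)
    # Bytes content is base64-encoded and marked as an attachment by default.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def header_only_match(raw: bytes) -> bool:
    """True if any MIME part meets all three conditions; payload is never read."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        name = part.get_filename() or ""
        if (cte == "base64"
                and part.get_content_disposition() == "attachment"
                and name.endswith(SUFFIX)):
            return True
    return False


def false_positive_report(samples: dict) -> dict:
    """Run the model over known-benign samples; every hit is a false positive."""
    return {label: header_only_match(raw) for label, raw in samples.items()}


EMPTY_ZIP = b"PK\x05\x06" + b"\0" * 18  # a valid archive with no entries
BENIGN = {  # constructed samples, all harmless
    "empty mail, empty file": build_mail("holiday.JPG.zip"),
    "text mail, empty zip": build_mail("holiday.JPG.zip", "hi", EMPTY_ZIP),
    "lowercase suffix": build_mail("holiday.jpg.zip"),
    "pdf attachment": build_mail("report.pdf"),
}

if __name__ == "__main__":
    for label, hit in false_positive_report(BENIGN).items():
        print(f"{label:24} -> {'FLAGGED' if hit else 'clean'}")
```

The PDF sample carries the same two header lines as the flagged mails, so in this model the filename suffix is the only condition that separates a hit from a miss.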



