[clamav-users] FP: Win.Worm.Chir-681
Douglas Goddard
dgoddard at sourcefire.com
Tue Sep 16 21:59:41 UTC 2014
Maybe VT hasn't updated their DB since it was published.
FP handled, signature dropped.
Thanks,
Doug
On Tue, Sep 16, 2014 at 5:28 PM, Al Varnell <alvarnell at mac.com> wrote:
> The following file was found in Adobe PhotoShop CS6 infected with
> Win.Worm.Chir-681 (apparently added to the database earlier today):
>
> /Applications/Adobe Photoshop CS6/Adobe Photoshop CS6.app/Contents/Required/Droplet Template.exe
>
> I’ve submitted it as a False Positive
> (MD5=fd5137d1998bf8fcbab832123dd72256), but I’m curious about one thing.
>
> Why doesn’t VirusTotal identify it as infected
> <https://www.virustotal.com/en/file/86ee28923d4e7255762442fe93f220237197a756182ce320f5f6887b5c7147c5/analysis/1410901675/>
> when it shows the .text PE section of the file matches the signature hash
> (316287b0b4a47ada39244de795b7ca3c)?
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
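Added example (not part of the original thread and not ClamAV's own code): a way to check which PE section of a flagged file lines up with a section-hash signature, using ClamAV's `.mdb` line format `PESectionSize:PESectionHash:MalwareName`. The sample image, its contents and the signature name `Constructed.Test.Sig-1` are constructed for illustration; the parser assumes raw size and offset are used exactly as stored in the section table.

```python
import hashlib
import struct

def pe_section_md5s(data):
    """Return [(name, raw_size, md5_hex)] for every section in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsec,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    out = []
    for i in range(nsec):
        hdr = data[table + 40 * i: table + 40 * i + 40]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        body = data[raw_ptr:raw_ptr + raw_size]
        if len(body) != raw_size:                            # section runs past EOF
            continue
        out.append((name, raw_size, hashlib.md5(body).hexdigest()))
    return out

def match_mdb(data, mdb_lines):
    """Return [(section_name, signature_name)] for sections matching .mdb lines."""
    sigs = {}
    for line in (l.strip() for l in mdb_lines):
        if line:
            size, digest, name = line.split(":")[:3]
            sigs[(int(size), digest.lower())] = name
    return [(sec, sigs[(size, md5)])
            for sec, size, md5 in pe_section_md5s(data) if (size, md5) in sigs]

def build_sample_pe(text):
    """Constructed minimal PE-like image with one .text section (not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(text), 0x1000,
                                        len(text), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + text

if __name__ == "__main__":
    text = b"\x90" * 512                                     # constructed section bytes
    sig = "%d:%s:Constructed.Test.Sig-1" % (len(text), hashlib.md5(text).hexdigest())
    print(match_mdb(build_sample_pe(text), [sig]))
```

A match on a generic section of a legitimate vendor binary, as reported in this thread, is the kind of result worth attaching to a false-positive submission.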