[clamav-users] FP Win.Trojan.Agent-1395367
Al Varnell
alvarnell at mac.com
Wed Apr 20 07:20:58 UTC 2016
The signature was just added yesterday in daily:21498 and yes it is an MD5 of size 892 bytes, so it could well be an FP.
Not sure what you mean by “automatic created md5 Signature” and given that it’s a JavaScript I don’t know how you can conclude it’s contents “looks ok”, but you did the right thing by submitting it for consideration.
AegisLab also seems to think it’s infected, but VT believes it’s “Probably harmless!":
<https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/>
This should be self evident, but for the ClamAV Signature Team’s Info: MD5=585005690e530e8047374cf14e479281
-Al-
On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote:
>
> Hello,
>
> there seems to be a new FP within a Wordpress Plugin.
> Download ist here:
> https://jetpack.com/install/?from=wporg
> http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
>
> File jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js is reported as Win.Trojan.Agent-1395367
>
> Seems to be an automatic created md5 Signature, because content of file looks ok
> http://pastebin.com/zi2TcJJF
>
> I already reported this as FP at http://www.clamav.net/reports/fp
> I hope to get this fixed fast because our costumers use this plugin a lot and i dont want to make a new global whitelisting.
>
> Thanks,
> Hajo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160420/6eea08ae/attachment.bin>
More information about the clamav-users
mailing list