[clamav-users] FP Win.Trojan.Agent-1395367
Hajo Locke
Hajo.Locke at gmx.de
Wed Apr 20 07:31:19 UTC 2016
Hello,
On 20.04.2016 at 09:20, Al Varnell wrote:
> The signature was just added yesterday in daily:21498 and yes it is an MD5 of size 892 bytes, so it could well be an FP.
>
> Not sure what you mean by “automatic created md5 Signature” and given that it’s a JavaScript I don’t know how you can conclude its contents “looks ok”, but you did the right thing by submitting it for consideration.
I think not every code is reviewed manually, according to the source.
To me the code doesn't look suspicious. But let's wait for the opinion of the pros.
>
> AegisLab also seems to think it’s infected, but VT believes it’s “Probably harmless!”:
> <https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/>
>
> This should be self-evident, but for the ClamAV Signature Team’s Info: MD5=585005690e530e8047374cf14e479281
>
> -Al-
>
> On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote:
>> Hello,
>>
>> there seems to be a new FP within a WordPress plugin.
>> Download is here:
>> https://jetpack.com/install/?from=wporg
>> http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
>>
>> File jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js is reported as Win.Trojan.Agent-1395367
>>
>> Seems to be an automatic created md5 Signature, because content of file looks ok
>> http://pastebin.com/zi2TcJJF
>>
>> I already reported this as FP at http://www.clamav.net/reports/fp
>> I hope to get this fixed fast because our customers use this plugin a lot and I don't want to make a new global whitelisting.
>>
>> Thanks,
>> Hajo
>>
>>
Hajo
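
Added example, not part of the original thread and not ClamAV project code: a hash signature of the kind discussed above is an `MD5:Size:Name` entry, and the same entry format in a local `.fp` database allowlists exactly those bytes. The sketch below parses such an entry, checks a file's bytes against it, and builds an `.fp` line. The entry is rebuilt from the MD5, size and name quoted in the thread (not copied from daily.cvd); the sample script bytes and the `local.` label are constructed.

```python
import hashlib
from typing import NamedTuple, Optional

HEX = set("0123456789abcdefABCDEF")

class HashSig(NamedTuple):
    md5: str
    size: Optional[int]  # None when the size field is the '*' wildcard
    name: str

def parse_hdb_line(line: str) -> HashSig:
    """Parse one 'MD5:Size:Name' entry as used in .hdb and .fp databases."""
    md5, size, name = line.strip().split(":", 2)
    if len(md5) != 32 or not set(md5) <= HEX:
        raise ValueError("not an MD5 hash signature: %r" % line)
    return HashSig(md5.lower(), None if size == "*" else int(size), name)

def matches(data: bytes, sig: HashSig) -> bool:
    """True only if the whole file has the signature's size and MD5."""
    if sig.size is not None and len(data) != sig.size:
        return False
    return hashlib.md5(data).hexdigest() == sig.md5

def fp_entry(data: bytes, label: str) -> str:
    """Build an .fp line; the label is free text, only hash and size match."""
    return "%s:%d:%s" % (hashlib.md5(data).hexdigest(), len(data), label)

# Entry rebuilt from the values quoted in the thread (assumed layout).
THREAD_SIG = parse_hdb_line(
    "585005690e530e8047374cf14e479281:892:Win.Trojan.Agent-1395367")

# Constructed stand-in for a minified script; NOT the Jetpack file.
SAMPLE = b"!function(a){a(window).on('resize',function(){})}(jQuery);\n"

if __name__ == "__main__":
    print("sample hits thread signature:", matches(SAMPLE, THREAD_SIG))
    entry = fp_entry(SAMPLE, "local.responsive-videos.min.js")
    print("local .fp entry:", entry)
    allow = parse_hdb_line(entry)
    print("entry covers sample:", matches(SAMPLE, allow))
    # One changed byte (e.g. a plugin update) and the entry no longer applies.
    print("entry covers modified sample:", matches(SAMPLE + b" ", allow))
```

Because the match is on exact bytes, such an `.fp` entry stops applying as soon as the file changes, which keeps the allowlisting narrower than excluding a path or a signature name.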