[clamav-users] FP Win.Trojan.Agent-1395367

Hajo Locke Hajo.Locke at gmx.de
Wed Apr 20 08:45:14 UTC 2016


Hello,

On 20.04.2016 at 09:31, Hajo Locke wrote:
> Hello,
>
> On 20.04.2016 at 09:20, Al Varnell wrote:
>> The signature was just added yesterday in daily:21498 and yes it is 
>> an MD5 of size 892 bytes, so it could well be an FP.
>>
>> Not sure what you mean by “automatic created md5 Signature” and given
>> that it’s a JavaScript I don’t know how you can conclude its
>> contents “looks ok”, but you did the right thing by submitting it for
>> consideration.
>
> I think not every code is reviewed manually, according to the source.
> For me the code doesn't look suspicious. But let's wait for the opinion of the
> pros.
>>
>> AegisLab also seems to think it’s infected, but VT believes it’s
>> “Probably harmless!”:
>> <https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/> 
>>
>>
>> This should be self-evident, but for the ClamAV Signature Team’s
>> Info: MD5=585005690e530e8047374cf14e479281
Found the same issue with another file.
File qppr_frontend_script.min.js is reported as Win.Trojan.Agent-1395005
This is part of the WordPress Quick Page/Post Redirect Plugin
https://de.wordpress.org/plugins/quick-pagepost-redirect-plugin/installation/

MD5=952e1832aad1345100c20d86639900e5
>>
>> -Al-
>>
>> On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote:
>>> Hello,
>>>
>>> there seems to be a new FP within a WordPress plugin.
>>> Download is here:
>>> https://jetpack.com/install/?from=wporg
>>> http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
>>>
>>> File 
>>> jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js 
>>> is reported as Win.Trojan.Agent-1395367
>>>
>>> Seems to be an automatic created md5 Signature, because content of 
>>> file looks ok
>>> http://pastebin.com/zi2TcJJF
>>>
>>> I already reported this as FP at http://www.clamav.net/reports/fp
>>> I hope to get this fixed fast because our customers use this plugin
>>> a lot and I don't want to make a new global whitelisting.
>>>
>>> Thanks,
>>> Hajo
>>>
>>>
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
> Hajo
Hajo
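
Added example, not part of the original thread and not ClamAV's own code: a simplified Python model of how an MD5-plus-size hash signature (the `MD5:size:name` layout of `.hdb` entries) matches every byte-identical copy of a file, and how a local `.fp` entry in the same layout suppresses the hit for that exact content only. The sample script bytes, the signature name and the helper names are constructed for illustration.

```python
import hashlib

def hash_entry(data: bytes, name: str) -> str:
    """Build an 'MD5:size:name' line, the layout of .hdb and .fp entries."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_entries(text: str) -> dict:
    """Map (md5, size) -> name for every well-formed fixed-size entry."""
    entries = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":")
        if len(parts) < 3 or len(parts[0]) != 32 or not parts[1].isdigit():
            continue  # blank, malformed, or not a fixed-size MD5 entry
        entries[(parts[0].lower(), int(parts[1]))] = parts[2]
    return entries

def verdict(data: bytes, hdb_text: str, fp_text: str = ""):
    """Return the matching signature name, or None if clean or allow-listed."""
    key = (hashlib.md5(data).hexdigest(), len(data))
    if key in parse_entries(fp_text):
        return None  # this exact content was reviewed and allow-listed locally
    return parse_entries(hdb_text).get(key)

# Constructed sample: stands in for a minified plugin script.
SAMPLE_JS = b"!function(a){a(window).on('resize',function(){})}(jQuery);"
# Constructed signature set holding one hash signature for that content.
HDB = hash_entry(SAMPLE_JS, "Constructed.Test.Agent-1") + "\n"
# Local allow-list entry for the same bytes, written after manual review.
LOCAL_FP = hash_entry(SAMPLE_JS, "reviewed-plugin-script") + "\n"

if __name__ == "__main__":
    print(verdict(SAMPLE_JS, HDB))            # every identical copy is flagged
    print(verdict(SAMPLE_JS + b"\n", HDB))    # one extra byte: no match
    print(verdict(SAMPLE_JS, HDB, LOCAL_FP))  # allow-listed: no detection
```

On a host with ClamAV installed, `sigtool --md5 <file>` prints a line in this layout for a real file.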