[clamav-users] FP Win.Trojan.Agent-1395367
Joel Esler (jesler)
jesler at cisco.com
Thu Apr 21 16:06:02 UTC 2016
Yeah, sorry, I was swamped yesterday and didn’t get to follow up, we obviously dropped them both.
--
Joel Esler
Manager, Talos Group
On Apr 21, 2016, at 4:08 AM, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:
Looks like the other was dropped, as well in Daily:21500
Dropped Detection Signatures:
* Win.Trojan.Agent-1395005
* Win.Trojan.Agent-1395367
Sent from Janet's iPad
-Al-
On Apr 20, 2016, at 7:01 AM, Alain Zidouemba wrote:
Confirming the FP on MD5: 585005690e530e8047374cf14e479281. The
signature Win.Trojan.Agent-1395367
has been removed.
- Alain
On Wed, Apr 20, 2016 at 3:02 AM, Hajo Locke <Hajo.Locke at gmx.de<mailto:Hajo.Locke at gmx.de>> wrote:
Hello,
there seems to be a new FP within a Wordpress Plugin.
Download ist here:
https://jetpack.com/install/?from=wporg
http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip
File
jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js is
reported as Win.Trojan.Agent-1395367
Seems to be an automatic created md5 Signature, because content of file
looks ok
http://pastebin.com/zi2TcJJF
I already reported this as FP at http://www.clamav.net/reports/fp
I hope to get this fixed fast because our costumers use this plugin a lot
and i dont want to make a new global whitelisting.
Thanks,
Hajo
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list