[clamav-users] Probable False Positive - OpenJDK-1.8 nashorn.jar : Win.Trojan.Toa-5370166-0

Al Varnell alvarnell at mac.com
Tue Dec 27 01:52:53 UTC 2016


Although most, if not all, of the old Win.Trojan.Toa signatures were dropped by Daily - 22782, I see it also added Win.Trojan.Toa-5368540-0, so that would appear to be a new issue.

-Al-

On Mon, Dec 26, 2016 at 05:24 PM, Christian Balzer wrote:
> 
> Hello,
> 
> On Mon, 26 Dec 2016 19:21:25 -0000 Steve Basford wrote:
> 
>> 
>> On Mon, December 26, 2016 6:55 pm, Mark Edwards wrote:
>>> In keeping with the other false positive reports I have more than 400
>>> CentOS servers report below after yesterday's freshclam update:
>> 
>> Yes, nashorn.jar seems to get hit too...
>> 
>> eg:
>> 
>> fp2\11476331d01: Win.Trojan.Toa-5372078-0
>> fp2\200ENGI.EXE: Win.Trojan.Toa-5380327-0
>> fp2\3A627716d01: Win.Trojan.Toa-5372078-0
>> fp2\firefox-hotfix at mozilla.org.xpi: Win.Trojan.Toa-5370166-0
>> fp2\Microsoft Virtual PC 2004 MSDN.msi: Win.Trojan.Toa-5370996-0
>> fp2\nashorn.jar: Win.Trojan.Toa-5370166-0
>> fp2\startupCache.4.little: Win.Trojan.Toa-5370166-0
>> 
>> and the earlier reported FPs are still there:
>> 
>> fp\Aston Villa 1.4.3.ipa: Win.Trojan.Toa-5370166-0
>> fp\greasemonkey-3.8-fx.xpi: Win.Trojan.Toa-5370166-0
>> fp\imagus-0.9.8.45-fx+sm.xpi: Win.Trojan.Toa-5370166-0
>> fp\loop at mozilla.org.xpi: Win.Trojan.Toa-5370166-0
>> fp\omni.ja: Win.Trojan.Toa-5370166-0
>> fp\org-netbeans-modules-javascript-nodejs.jar: Win.Trojan.Toa-5370166-0
>> fp\privacy_badger-1.7.0-fx.xpi: Win.Trojan.Toa-5370166-0
>> 
>> etc.
>> 
>> IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing done
>> in full after holidays.
>> 
> I can only second that.
> And add Win.Trojan.Toa-5368540-0 to the list of FPs.
> 
> At this rate the previous bit about "Clamscan becoming its own worst
> enemy." can not be underestimated.
> This is the 2nd, VERY visible FP avalanche in so many months and since it
> affects a lot of people here including internal business mails.
> Reflecting badly on all OSS projects and SW.
> 
> Christian
> 
>> As the issues go on...
>> 
>> https://forum.kaspersky.com/index.php?s=252c49e91f4e5a6572be42fda3a1ff56&showtopic=363061
>> 
>> https://www.joomlashine.com/forum/other-products/169144-uniform-package-has-win-trojan-toa-5370166-0