[clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?
Groach
groachmail-stopspammingme at yahoo.com
Wed Dec 28 22:13:51 UTC 2016
Ok, I know it has already been mentioned before in another 2 threads but
it seems once again Joel is dismissing the claims or the
responsibilities of it being damaging to peoples systems (regularly
quarantining genuine files and emails) and instead expects everyone to
keep sending in FP reports for every spreadsheet or file that gets hit
by this rogue signature. Not only is this impractical, its often
impossible due to quantity and least of all data sensitivity issues. I
have them every day. Ive submitted FP reports, Ive watched others raise
the issue too, Ive waited a week but still it goes on.
Many have called for it to be reviewed, modified or removed - even
people such as Steve Basford who is respected in providing signatures of
his own:
"IMHO, Win.Trojan.Toa* CDB sigs should ALL be pulled ASAP and QA testing
done in full after holidays."
http://lists.clamav.net/pipermail/clamav-users/2016-December/003932.html
and so on.
The cause of the problem has even been identified (vbaproject.bin
http://lists.clamav.net/pipermail/clamav-users/2016-December/003945.html)
but still no acknowledgement and it continues.
So it leaves me with the thread title...
...just dump this signature. Learn that when HUNDREDS or thousands of
files are incorrectly being hit then acknowledge there is something
wrong with it! Consider it a QA failure. What else do you need to see
before things are seen for what they are?!
More information about the clamav-users
mailing list