[clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

nerslbmail at yahoo.com nerslbmail at yahoo.com
Sun Feb 14 18:55:48 UTC 2016


Hi,

False positives started coming after the update to daily.cvd version 21360. My submissions for false-positive reports on clamav.net keep reporting "The sample is empty."

How to reproduce:
mkdir /tmp/test_dir
touch /tmp/test_dir/txt_csv.jar.0
jar cf test_dir.jar /tmp/test_dir
# or
zip -r test_dir.zip /tmp/test_dir

# then scan the file 
clamscan test_dir.jar test_dir.zip 


