[clamav-users] Win.Trojan.Ramnit FPs
Mark Allan
markjallan at gmail.com
Mon Feb 15 11:22:40 UTC 2016
I'm still getting the email saying "your sample was empty", so I'm posting here too.
The Ramnit series of sigs is hitting a bunch of files which have been resident on users' HDs and scanned as clean for many years. VT also reports ClamAV as the only vendor detecting an infection. To clear the infections, I'm having to add the following sig names in an ign2 file.
Win.Trojan.Ramnit-7261
Win.Trojan.Ramnit-7262
Win.Trojan.Ramnit-7263
Win.Trojan.Ramnit-7264
Win.Trojan.Ramnit-7265
Win.Trojan.Ramnit-7173
Win.Trojan.Ramnit-7174
Win.Trojan.Ramnit-7175
Win.Trojan.Ramnit-7176
Hashes of the samples I uploaded are:
f3c174edcbaef7cb947d6357cdfde7ff:422912:m3jp2k32.dll
881c86b65b44d8033575a402a2aa1ab1:454656:vsshdsd.dll
Cheers
Mark
More information about the clamav-users
mailing list