[clamav-users] How do I tell if MacroDoubleExtension-zippwd is for real
Al Varnell
alvarnell at mac.com
Tue Feb 16 16:30:58 UTC 2016
See Zip.Suspect.MacroDoubleExtension-zippwd false positive
<http://lists.clamav.net/pipermail/clamav-users/2016-February/002321.html>
Add a local.ign2 file to /share/clamav/ containing "Zip.Suspect.MacroDoubleExtension-zippwd” (without the quotes) or wait for the signature team to get their False Positive site working, submit the jar file and wait.
-Al-
On Feb 16, 2016, at 6:33 AM, Ted Gilchrist <egilchri at gmail.com> wrote:
> I am getting a Zip.Suspect.MacroDoubleExtension-zippwd FOUND when I run
> clamscan on a jar file. However, when I extract the jar file, and run
> clamscan on the contents, the scan comes out clean.
>
> How do I determine whether this error is for real? From Googling around, I
> get the impression that this could be a false positive, but I don't know
> for sure. Also, I'd appreciate a workaround to avoid triggering this error.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160216/02399829/attachment.bin>
More information about the clamav-users
mailing list