[clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive

Dennis Peterson dennispe at inetnw.com
Thu Feb 18 04:16:02 UTC 2016


My experience with these kinds of failures is that the pattern is not properly 
anchored or the writer doesn't understand greedy grep patterns or both. Fallout 
from the new pcregrep, perhaps? I've not analyzed it so am speculating here, but 
a lesson learned after decades of doing this is that if regex results amaze you 
then you have probably screwed up somewhere when writing the pattern. Or as one 
of my staff liked to say, something we're sure of is wrong.

dp

On 2/16/16 7:02 PM, Al Varnell wrote:
> Resubmitted.
>
> 87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a:319649:pg3726-images.epub
>
> -Al-
>
> On Feb 14, 2016, at 4:34 PM, Al Varnell <alvarnell at mac.com> wrote:
>
>> I attempted to submit the sample I have to http://www.clamav.net/reports/fp and it was similarly rejected as "empty."  Scanned the file on my computer after updating definitions still shows it as infected.  Uploading it to VirusTotal results in only a ClamAV detection:
>> <https://www.virustotal.com/en/file/87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a/analysis/1455495993/>.
>>
>>



