[clamav-users] False positive

Al Varnell alvarnell at mac.com
Thu Feb 18 05:19:38 UTC 2016


On Feb 17, 2016, at 9:01 PM, Tsutomu Oyamada wrote:
> A false positive which detects a normal file as the malware "win.Trojan.Bancos-2115" occurred last week.
> It started with CVD version 21359 and was fixed by 21362.
> Could you tell us what the cause of this false positive was?

Did you read the lengthy discussion on this very subject earlier today?  Anything I could say would be pure speculation.  Only the ClamAV Signature Team can give you an exact answer to that, should they elect to do so.

> And also, could you tell us what steps you take to prevent false positives?

Submit samples to ClamAV’s Report False Positives page <http://www.clamav.net/reports/fp>, subscribe to clamav-virusdb and wait.

If it seriously impacts your operations, add a local.ign2 file to the database containing the infection name or a local.fp file containing the name of the detected file(s) until resolved.

> I have another question, has the false positive of "Zip.Suspect.MacroDoubleExtension-zippwd" been fixed?

Not for me, but there were a number of different types of files involved, so everybody that has one or more needs to submit them.

> T.Oyamada

-Al-
-- 
Al Varnell
ClamXav User