[clamav-users] Zip.Suspect.MacroDoubleExtension-zippwd false positive
Tsutomu Oyamada
oyamada at promark-inc.com
Tue Feb 23 13:55:31 UTC 2016
There are still positives for "Zip.Suspect.MacroDoubleExtension-zippwd".
(see attached file)
When will this false positive be resolved?
On Wed, 17 Feb 2016 20:16:02 -0800
Dennis Peterson <dennispe at inetnw.com> wrote:
> My experience with this kind of failure is that the pattern is not properly anchored or the writer doesn't understand greedy grep patterns or both. Fallout from the new pcregrep, perhaps? I've not analyzed it so am speculating here, but a lesson learned after decades of doing this is that if regex results amaze you then you have probably screwed up somewhere when writing the pattern. Or as one of my staff liked to say, something we're sure of is wrong.
>
> dp
>
> On 2/16/16 7:02 PM, Al Varnell wrote:
> > Resubmitted.
> >
> > 87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a:319649:pg3726-images.epub
> >
> > -Al-
> >
> > On Feb 14, 2016, at 4:34 PM, Al Varnell <alvarnell at mac.com> wrote:
> >
> >> I attempted to submit the sample I have to http://www.clamav.net/reports/fp and it was similarly rejected as "empty." Scanned the file on my computer after updating definitions still shows it as infected. Uploading it to VirusTotal results in only a ClamAV detection:
> >> <https://www.virustotal.com/en/file/87084602bb62d9213e10a1741150093a37481cd005b62008e7187f2086b8922a/analysis/1455495993/>.
> >>
> >>
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml