[clamav-users] Win.Adware.Softpulse-215 FP

Joel Esler (jesler) jesler at cisco.com
Tue Jan 19 12:43:21 EST 2016

I have been told that all of these have been corrected already.

Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group

On Jan 18, 2016, at 1:51 AM, Al Varnell <alvarnell at mac.com> wrote:

I’m hearing from a couple of ClamXav users that several applications are being identified as infected with Win.Adware.Softpulse-215.  All these applications contain the StuffIt framework.

I’ve uploaded the StuffIt Expander.app.zip to the ClamAV FP page with MD5 44f5ab1439a9c9c06b46aeb31b265e1e which included infected frameworks as follows:

(/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sit5.exe) = ebe780c5859a324995f9603276e5b4fa
(/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sitx.exe) = a9d1a8144b8ce0b3637ab11dcd48638d
(/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]zip.exe) = 7f55eba65a7a91081f2a8ecaa4bf5dc7

For some reason VirusTotal ClamAV identifies it as Win.Adware.Softpulse-218.

This definition was included in Friday’s daily.cvd Version: 21262, and I have received additional reports of FP’s on the following signatures but do not have access to samples at this time:


Al Varnell
Mountain View, CA
