[clamav-users] Win.Adware.Softpulse-215 FP

Al Varnell alvarnell at mac.com
Thu Jan 21 07:46:01 EST 2016



On Jan 21, 2016, at 4:06 AM, Joel Esler (jesler) wrote:

Sent from my iPhone

> On Jan 21, 2016, at 3:07 AM, Al Varnell wrote:
> Yes, I did receive feedback the same day that Win.Adware.Softpulse-215 had been removed and I can confirm that all the others mentioned below except for Swf.Exploit.CVE_2015_5122-1 have been removed, so I’ll try to pursue that last one.
> But now those three files are being identified as Win.Trojan.Agent-953878. Should I resubmit the file with that infection name?
> -Al-
>> I have been told that all of these have been corrected already.
>> Joel Esler
>> Manager, Threat Intelligence Team & Open Source
>> Talos Group
>> http://www.talosintel.com
>>> On Jan 18, 2016, at 1:51 AM, Al Varnell <alvarnell at mac.com> wrote:
>>> I’m hearing from a couple of ClamXav users that several applications are being identified as infected with Win.Adware.Softpulse-215.  All these applications contain the StuffIt framework.
>>> I’ve uploaded the StuffIt Expander.app.zip to the ClamAV FP page with MD5 44f5ab1439a9c9c06b46aeb31b265e1e which included infected frameworks as follows:
>>> (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sit5.exe) = ebe780c5859a324995f9603276e5b4fa
>>> (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sitx.exe) = a9d1a8144b8ce0b3637ab11dcd48638d
>>> (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]zip.exe) = 7f55eba65a7a91081f2a8ecaa4bf5dc7
>>> For some reason VirusTotal ClamAV identifies it as Win.Adware.Softpulse-218
>>> <https://www.virustotal.com/en/file/9bca9c9581182d3d6ed015179a12f68c94fa21b11cb3ef98a16265cd70fd7032/analysis/1453098213/>
>>> This definition was included in Friday’s daily.cvd Version: 21262, and I have received additional reports of FP’s on the following signatures but do not have access to samples at this time:
>>> Adware.Browsefox-12346
>>> Win.Trojan.Agent-953862
>>> Win.Adware.Agent-59030
>>> Swf.Exploit.CVE_2015_5122-1
>>> -Al-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160121/3b5cdb04/attachment.bin>

More information about the clamav-users mailing list