[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

Al Varnell alvarnell at mac.com
Tue May 17 02:25:33 EDT 2016


I’m unable to replicate your findings:

~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND

Taking a look at the current daily.cld I see entries in both ignore sections:

daily.ign                                                                                                                   1374                    002516                                                                                                                                                                                                                                                                                                                                                                      fake:1:Dont_remove_this_line
...
main:42:Win.Trojan.Trojan-605

                                                                                                                                                                                                                                                                    daily.ign2                                                                                                                  1072                    002573                                                                                                                                                                                                                                                                                                                                                                      fake_dont_remove_this_line
...
Win.Trojan.Trojan-605

I wonder if it’s engine specific?  Are you using 0.99.x

-Al-

On Mon, May 16, 2016 at 01:45 PM, Jason J. W. Williams wrote:
> 
> Looks like EICAR is getting classified as Win.Trojan.Trojan-605 again
> (daily 21557).
> 
> https://gist.github.com/williamsjj/b8104402e80f44475df5
> 
> -J
> 
> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarnell at mac.com> wrote:
> 
>> The new database was just made available, so I recommend you hold off
>> until you have the new mail.cvd v57 and daily.cvd v21466 before getting too
>> excited about this.
>> 
>> -Al-
>> 
>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
>>> 
>>> As of the latest daily update, running ClamAV against the EICAR test
>>> string
>>> reports  Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
>>> 
>>> -J
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160516/1df09f87/attachment.bin>


More information about the clamav-users mailing list