[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605
Al Varnell
alvarnell at mac.com
Tue May 17 06:25:33 UTC 2016
I’m unable to replicate your findings:
~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND
Taking a look at the current daily.cld I see entries in both ignore sections:
daily.ign 1374 002516 fake:1:Dont_remove_this_line
...
main:42:Win.Trojan.Trojan-605
daily.ign2 1072 002573 fake_dont_remove_this_line
...
Win.Trojan.Trojan-605
I wonder if it’s engine specific? Are you using 0.99.x
-Al-
On Mon, May 16, 2016 at 01:45 PM, Jason J. W. Williams wrote:
>
> Looks like EICAR is getting classified as Win.Trojan.Trojan-605 again
> (daily 21557).
>
> https://gist.github.com/williamsjj/b8104402e80f44475df5
>
> -J
>
> On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarnell at mac.com> wrote:
>
>> The new database was just made available, so I recommend you hold off
>> until you have the new mail.cvd v57 and daily.cvd v21466 before getting too
>> excited about this.
>>
>> -Al-
>>
>> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
>>>
>>> As of the latest daily update, running ClamAV against the EICAR test
>>> string
>>> reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
>>>
>>> -J
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160516/1df09f87/attachment.bin>
More information about the clamav-users
mailing list