[clamav-users] Eicar test string now returning Win.Trojan.Trojan-605

Jason J. W. Williams jasonjwwilliams at gmail.com
Tue May 17 16:11:01 EDT 2016


No, ClamAV 0.98.7.

-J

On Mon, May 16, 2016 at 11:25 PM, Al Varnell <alvarnell at mac.com> wrote:

> I’m unable to replicate your findings:
>
> ~/Downloads/2016-05-16/eicar.txt: Eicar-Test-Signature FOUND
>
> Taking a look at the current daily.cld I see entries in both ignore
> sections:
>
> daily.ign    1374    002516
> fake:1:Dont_remove_this_line
> ...
> main:42:Win.Trojan.Trojan-605
>
> daily.ign2    1072    002573
> fake_dont_remove_this_line
> ...
> Win.Trojan.Trojan-605
>
> I wonder if it’s engine specific? Are you using 0.99.x?
>
> -Al-
>
> On Mon, May 16, 2016 at 01:45 PM, Jason J. W. Williams wrote:
> >
> > Looks like EICAR is getting classified as Win.Trojan.Trojan-605 again
> > (daily 21557).
> >
> > https://gist.github.com/williamsjj/b8104402e80f44475df5
> >
> > -J
> >
> > On Wed, Mar 16, 2016 at 8:54 PM, Al Varnell <alvarnell at mac.com> wrote:
> >
> >> The new database was just made available, so I recommend you hold off
> >> until you have the new mail.cvd v57 and daily.cvd v21466 before getting too
> >> excited about this.
> >>
> >> -Al-
> >>
> >> On Wed, Mar 16, 2016 at 08:49 PM, Jason J. W. Williams wrote:
> >>>
> >>> As of the latest daily update, running ClamAV against the EICAR test string
> >>> reports Win.Trojan.Trojan-605 instead of Eicar-Test-Signature.
> >>>
> >>> -J
>