[clamav-users] FPs for Txt.Malware.Agent-XXXXX
Mark Allan
markjallan at gmail.com
Tue Nov 22 17:02:06 UTC 2016
Hi all,
I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] containing a number of files which ClamAV incorrectly detects as various strains of Txt.Malware.Agent
My experience may be slightly skewed, but it seems that the rate of FPs has increased a lot lately, and they mostly appear to be being caused by hash-based signatures. I'm wondering if this is related to Joel's recent admission that the signature generation process is almost entirely automated now.
Is it possible that someone is targeting ClamAV and reporting known-clean files as if they were infected? To what end, I'm not sure, but I can't shake the feeling that something's not right...
Mark
More information about the clamav-users
mailing list