[clamav-users] FPs for Txt.Malware.Agent-XXXXX
Joel Esler (jesler)
jesler at cisco.com
Tue Nov 22 19:11:13 UTC 2016
Mark,
Thanks for the feedback, you are right, I am experiencing some high counts in the Txt.Malware.Agent family.
I’ve disabled this engine for now.
--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On Nov 22, 2016, at 12:02 PM, Mark Allan <markjallan at gmail.com<mailto:markjallan at gmail.com>> wrote:
Hi all,
I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] containing a number of files which ClamAV incorrectly detects as various strains of Txt.Malware.Agent
My experience may be slightly skewed, but it seems that the rate of FPs has increased a lot lately, and they mostly appear to be being caused by hash-based signatures. I'm wondering if this is related to Joel's recent admission that the signature generation process is almost entirely automated now.
Is it possible that someone is targeting ClamAV and reporting known-clean files as if they were infected? To what end, I'm not sure, but I can't shake the feeling that something's not right...
Mark
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list