[clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes
alvarnell at mac.com
Tue Sep 27 04:44:01 EDT 2016
The signature is based on a 2240 byte file, so it is probably something embedded in the PDF.
In any case, it needs to be uploaded to <http://www.clamav.net/reports/fp>. Is the MD5 of the entire PDF 013167adb9fbc93923f9c0789599ec95, because Steve and I aren’t finding anything on VT with any detections with that MD5?
On Tue, Sep 27, 2016 at 12:39 AM, David Shrimpton wrote:
> Win.Trojan.Agent-1696554 added to daily.hdb on 21/9/16 is an
> md5sum of a file containing 2240 null bytes only, so appears
> to be a broken signature.
> It is causing false positives.
> The example I have was a FP on a 944010 byte pdf which comes up
> negative on virustotal except for clamav.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3573 bytes
Desc: not available
More information about the clamav-users