[clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes
d.shrimpton at its.uq.edu.au
Tue Sep 27 04:55:09 EDT 2016
> Confirmed FP I would say:
Agreed, above being the sha256sum of 2240 null bytes.
The hit on the null bytes could of course be masking actual malware
in the same container the file of nulls came from .
Presumeably clamav is missing a signature for the original malware
that prompted the broken signature.
So my pdf might still contain malware and whitelisting the sig
while logical might lead to an unfortunate result for anyone then receiving
and opening the same pdf.
More information about the clamav-users