[clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

David Shrimpton d.shrimpton at its.uq.edu.au
Tue Sep 27 21:07:19 EDT 2016


On Wed, 28 Sep 2016, Joel Esler (jesler) wrote:

> These signatures were generated out of attachments to know bad spam files.   We'll have a look.
>

clamscan -z on pdf shows:

Win.Trojan.Agent-1696579
Win.Trojan.Agent-1696632
Win.Trojan.Agent-1696690
Win.Trojan.Agent-1696882
Win.Trojan.Agent-1697875
Win.Trojan.Agent-1697950
Win.Trojan.Agent-1698234
Win.Trojan.Agent-1698242

I'd speculate that all these sigs are broken any maybe many more for other
null byte file sizes not present in my pdf.

David



More information about the clamav-users mailing list