[clamav-users] FP: Win.Trojan.Agent-1696554 is md5sum of 2240 null bytes

Joel Esler (jesler) jesler at cisco.com
Tue Sep 27 21:25:35 EDT 2016


Thank you

Sent from my Apple Watch

On Sep 27, 2016, at 9:07 PM, David Shrimpton <d.shrimpton at its.uq.edu.au> wrote:

> On Wed, 28 Sep 2016, Joel Esler (jesler) wrote:
> 
>> These signatures were generated out of attachments to known bad spam files. We'll have a look.
>> 
> 
> clamscan -z on pdf shows:
> 
> Win.Trojan.Agent-1696579
> Win.Trojan.Agent-1696632
> Win.Trojan.Agent-1696690
> Win.Trojan.Agent-1696882
> Win.Trojan.Agent-1697875
> Win.Trojan.Agent-1697950
> Win.Trojan.Agent-1698234
> Win.Trojan.Agent-1698242
> 
> I'd speculate that all these sigs are broken and maybe many more for other
> null byte file sizes not present in my pdf.
> 
> David
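The false positive in the subject line, a hash signature that is simply the MD5 of 2240 null bytes, is something a signature list can be audited for before release. The following is an added example, not code from this thread or from the ClamAV project; it assumes the `hash:size:name` line layout of ClamAV hash-signature files, and the signature names, the size cap and the sample entries are constructed.

```python
import hashlib

MAX_SIZE = 64 * 1024 * 1024  # assumed cap: skip larger entries to bound hashing work
ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm


def null_digest(size, algo="md5"):
    """Hash `size` zero bytes, feeding the hash in 64 KiB chunks."""
    h = hashlib.new(algo)
    chunk = bytes(65536)
    remaining = size
    while remaining > 0:
        n = min(remaining, len(chunk))
        h.update(chunk[:n])
        remaining -= n
    return h.hexdigest()


def find_null_signatures(lines):
    """Return (name, size) for every hash signature that matches an all-zero file."""
    hits = []
    for raw in lines:
        fields = raw.strip().split(":")
        if len(fields) < 3:
            continue  # blank or malformed line
        digest, size_field, name = fields[0].lower(), fields[1], fields[2]
        algo = ALGOS.get(len(digest))
        if algo is None or not size_field.isdigit():
            continue  # unknown hash length, or a wildcard size that cannot be checked
        size = int(size_field)
        if size <= MAX_SIZE and null_digest(size, algo) == digest:
            hits.append((name, size))
    return hits


# Constructed sample database (names are hypothetical, not real ClamAV signatures).
SAMPLE_DB = [
    f"{null_digest(2240)}:2240:Example.NullBytes-1",            # the case from the subject line
    f"{hashlib.md5(b'not empty').hexdigest()}:9:Example.RealContent-2",
    f"{null_digest(512, 'sha256')}:512:Example.NullBytes-3",    # same flaw, different hash type
    f"{null_digest(100)}:*:Example.Wildcard-4",                 # wildcard size: skipped
]

if __name__ == "__main__":
    for name, size in find_null_signatures(SAMPLE_DB):
        print(f"{name}: hash of {size} null bytes, will match any zero-filled stream of that size")
```
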