[clamav-users] Java.Malware fps
Al Varnell
alvarnell at mac.com
Fri Apr 7 03:31:14 EDT 2017
On Fri, Apr 07, 2017 at 12:21 AM, Steve Basford wrote:
> On Fri, April 7, 2017 7:24 am, Henrik K wrote:
>>
>> Whos' flooding crappy samples around, and why is ClamAV making sigs of
>> tiny class files like
>> org/eclipse/aether/impl/RemoteRepositoryManager.class?
>>
> The odd few I've checked are hashes in daily.hsb:
>
> cd9bcebd235258962913a210ff938a5a:2623:Java.Malware.Agent-6205983-0:73
> b6aa66e635ff2c1225d734c3f2577994:1452:Java.Malware.Agent-6205984-0:73
>
> So, possibly part of the auto-generated ones.
But strangely, neither of those MD5's show any hits when they were uploaded to VirusTotal several months/years ago.
<https://www.virustotal.com/en/file/ab1bf4a533ff3b17825f7242afd0989d4d42af4426ca88757ad3d5bcf9013cb9/analysis/>
<https://www.virustotal.com/en/file/fa95c5237a36d46b31e007690dc68ebc040b13df7cf529e9e58ed3e7818bd4fb/analysis/>
-Al-
--
Al Varnell
Mountain View, CA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170407/17615008/attachment.bin>
More information about the clamav-users
mailing list