[clamav-users] Java.Malware fps

Al Varnell alvarnell at mac.com
Fri Apr 7 03:31:14 EDT 2017


On Fri, Apr 07, 2017 at 12:21 AM, Steve Basford wrote:
> On Fri, April 7, 2017 7:24 am, Henrik K wrote:
>> 
>> Whos' flooding crappy samples around, and why is ClamAV making sigs of
>> tiny class files like
>> org/eclipse/aether/impl/RemoteRepositoryManager.class?
>> 
> The odd few I've checked are hashes in daily.hsb:
> 
> cd9bcebd235258962913a210ff938a5a:2623:Java.Malware.Agent-6205983-0:73
> b6aa66e635ff2c1225d734c3f2577994:1452:Java.Malware.Agent-6205984-0:73
> 
> So, possibly part of the auto-generated ones.

But strangely, neither of those MD5's show any hits when they were uploaded to VirusTotal several months/years ago.
<https://www.virustotal.com/en/file/ab1bf4a533ff3b17825f7242afd0989d4d42af4426ca88757ad3d5bcf9013cb9/analysis/>
<https://www.virustotal.com/en/file/fa95c5237a36d46b31e007690dc68ebc040b13df7cf529e9e58ed3e7818bd4fb/analysis/>

-Al-
-- 
Al Varnell
Mountain View, CA





-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170407/17615008/attachment.bin>


More information about the clamav-users mailing list