[clamav-users] How to determine false-v-real FOUND
Brad Scalio
scalio at gmail.com
Thu Feb 9 13:12:13 UTC 2017
Clamscan found a PE "visor.exe.svn-base" that matched
Win.Trojan.Agent-793284 FOUND.
That said, I ran it through virustotal.com, with results here:
https://goo.gl/flJl6j
I know, pasting a shortened URL in an AV mailing list :-)
11 of 56 scanners detect a signature; however, the file in question is on a
Linux system and hasn't been touched since 2010, so I am not too worried,
as it's a homogeneous local LAN of all Linux systems. It's just the first
time we've run a clamscan on this box.
Is there a way, or an online tutorial, or some other information to
decompose the signature and the file easily to determine if it's a false
positive or not? I realize this is a complete science in and of itself,
but I am looking for a way for our tier 0 folks to quickly discern if they
need to wake up the whole enterprise at 3am in the future.
Thanks much!