[clamav-users] Win.Trojan.DarkKomet-5711346-0 false positive?
Reindl Harald
h.reindl at thelounge.net
Thu Feb 16 20:21:06 UTC 2017
On 16.02.2017 at 21:17, Mark Foley wrote:
> I am running a scheduled clamscan on the IMAP mail folders. The command is:
>
> /usr/local/bin/clamscan -a --detect-pua=yes --no-summary --stdout --infected \
> --recursive --allmatch --scan-mail=yes --scan-ole2=yes /home/HPRS/
>
> This scan turns up the following:
>
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S: Win.Trojan.DarkKomet-5711346-0 FOUND
>
> /home/HPRS/dsmith/Maildir/.Sent Items/cur/1424639819.M717944P16540.mail,S=1444158,W=1463348:2,S!...!(72)MAIL:SEC_deficiency_letter_to_Timbervest.pdf: Win.Trojan.DarkKomet-5711346-0 FOUND
>
> This email has 4 .pdf attachments. When I run clamscan manually on any of them
> I get no infections:
>
> $ clamscan --detect-pua=yes --scan-ole2=yes 2011.06.08\ Notification\ of\ Distribution.pdf
> 2011.06.08 Notification of Distribution.pdf: OK
Why --scan-ole2=yes when you scan a PDF?
--scan-pdf makes more sense.