[clamav-users] Heuristics.Filetype.ZipWithJS
Reindl Harald
h.reindl at thelounge.net
Tue Mar 28 12:09:52 UTC 2017
On 28.03.2017 at 13:53, Jonas Manusch wrote:
> Cheers folks,
>
> since last weekend my clamscan states
>
> Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
>
> on some files. These files are from 2015 and I assume it to be a false
> positive. Since these files contain sensitive data I cannot hand them out to
> third parties. I tried to find out what the above means, but only found
> very little information that was not really helpful. Also tried to find
> 'ZipWithJS' in ClamAV source code, but without success. So I got here
> with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?
many of the cryptomalware are .js files within zip archives, and .js on
Windows is executable due to Windows scripting host - the major use case of
clamav is for inbound mail servers
> 2. How could I disable only this one type?
you can only disable heuristics altogether and can't whitelist a single type,
which is a design mistake
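
A local triage aid for the situation in this thread, where the flagged archives cannot be handed to a third party (added example, not part of the original messages and not ClamAV code): it lists the `.js` members inside a ZIP, including nested ZIPs, without extracting or running anything. The function names, the extension list and the depth and size limits are assumptions for illustration, and the script does not reproduce the signature's actual matching logic.

```python
import io
import sys
import zipfile

# Assumption: the thread only names .js; extend the tuple if needed.
SCRIPT_EXTS = (".js",)
MAX_DEPTH = 2                    # nested archive levels to open
MAX_MEMBER = 50 * 1024 * 1024    # skip nested ZIPs with a larger declared size

def find_scripts(data, prefix="", depth=0):
    """Return paths of script members inside the ZIP bytes `data`.

    Nested archives are read in memory; nothing is written to disk or executed.
    """
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                       # not a ZIP, nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            lower = info.filename.lower()  # match Invoice.JS as well
            if lower.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif (lower.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER):
                try:
                    inner = zf.read(info)
                except Exception:
                    continue              # encrypted or damaged member
                hits += find_scripts(inner, path + "!/", depth + 1)
    return hits

def build_sample():
    """Constructed sample: a ZIP with a text file, a .JS file and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("lib/jquery.min.js", "/* constructed */")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("Invoice.JS", "// constructed")
        z.writestr("backup/site.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for name in sys.argv[1:]:             # paths of the flagged archives
        with open(name, "rb") as fh:
            for hit in find_scripts(fh.read(), name + "!/"):
                print(hit)
```

Run it with the paths of the flagged files as arguments; each output line names one script member, with `!/` marking the boundary of an archive.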