[clamav-users] False positive -- I hope
Paul Kosinski
clamav-users at iment.com
Sun Jan 28 19:54:04 UTC 2018

Using clamav.0.99.3 to scan the latest Firefox ESR (52.6.0), and using
various extra signatures from Sane Security, I get:

    firefox-52.6.0-esr-32.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
    firefox-52.6.0-esr-64.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

I get the same with Thunderbird (52.6.0):

    thunderbird-52.6.0-esr-32.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND
    thunderbird-52.6.0-esr-64.tar.bz2: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

I *think* that this signature flags *all* zipped JS files, and (IIRC)
both Firefox and Thunderbird have JS-containing JAR files. I hope that
is all it is.

P.S. My download script cleans up the filenames to make them easier to
understand and also removes spaces, which make the filenames awkward as
command line arguments.
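
Added example, not part of the original post: a Python triage helper that lists which ZIP/JAR members of a .tar.bz2 contain .js entries, which is the condition the poster suspects is behind the detection. The function names and the sample archive are constructed for illustration; the script only shows whether zipped JS is present and says nothing about what the signature actually matches.

```python
import io
import tarfile
import zipfile


def zipped_js_members(archive_bytes):
    """Map each ZIP/JAR member of a .tar.bz2 to the .js entries it holds."""
    hits = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:bz2") as tar:
        for member in tar:
            if not member.isfile():
                continue
            buf = io.BytesIO(tar.extractfile(member).read())
            # JAR files are ZIP containers, so detect by content, not by name.
            if not zipfile.is_zipfile(buf):
                continue
            with zipfile.ZipFile(buf) as zf:
                js = [n for n in zf.namelist() if n.lower().endswith(".js")]
            if js:
                hits[member.name] = js
    return hits


def build_sample():
    """Constructed sample: a tarball with one JAR (holding a .js file) and one text file."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("modules/example.js", "var x = 1;\n")
        zf.writestr("chrome.manifest", "content example\n")
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:bz2") as tar:
        for name, payload in (("app/sample.jar", jar.getvalue()),
                              ("app/readme.txt", b"plain text\n")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return out.getvalue()


if __name__ == "__main__":
    for member, entries in zipped_js_members(build_sample()).items():
        print(f"{member}: {len(entries)} .js entries, e.g. {entries[0]}")
```

To check a real download, pass the bytes of the tarball instead of `build_sample()`.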