[clamav-users] Virus definition question
Al Varnell
alvarnell at mac.com
Wed Mar 7 05:42:07 UTC 2018
I have no idea what the verification process might be, if it even exists.
According to VirusTotal's Relationships Information on this file, "While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk." so my guess would be that ClamAV picked this up from VirusTotal. What little I know about CarbonBlack is that it tends to identify anything it doesn't know about as suspicious.
If you have information that indicates it's a legitimate file and where it came from, then you should both upload it to <http://clamav.net/reports/fp> with an explanation as well as post that information back here.
-Al-
On Tue, Mar 06, 2018 at 09:23 PM, Lindon Ng wrote:
>
> Hello,
>
> I would like to ask how the virus definitions are actually verified.
>
> A malware that I am looking at seems to be only detectable by ClamAV and not other antiviruses on VirusTotal. Is this likely to be a false positive or is it possible to ask why this malware is being flagged out only by ClamAV?
>
> The signature definition is: aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73. It was released on 16 Jan 2017.
>
> Thank you.
>
> Cheers,
> Lindon Ng