[clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

Tilman Schmidt tschmidt at cardtech.de
Wed May 23 05:43:11 EDT 2018


We're getting frequent false positives from ClamAV for
Win.Exploit.Unicode_Mixed-1 in tcpdump files from our IDS.
Googling that virus name only turns up a few hits on virscan.org which
seem to be indicating a tendency of that signature to trigger on
logfiles and the like, but no actual information about the threat.

What is that signature trying to detect?
Is this a Known Problem?
What's the best way handle it?

-- 
Tilman Schmidt
Head of System and Network Engineering

Tel. 0221 / 95 64 95 .417
Fax 0221 / 95 64 95 .999
e-Mail tschmidt at cardtech.de

cardtech
Card & POS Service GmbH
Richard-Byrd-Straße 37
50829 Köln
www.cardtech.de

AG Köln, HRB 20164
Geschäftsführer: Dr. Dietrich Gottwald, Christof Kohns, Jens Mahlke,
Marcus W. Mosen



More information about the clamav-users mailing list