[clamav-users] Elmedia Player.app detection
Lilia Gonzalez Medina
liligonz at sourcefire.com
Tue Dec 10 15:17:03 UTC 2019
Hey Douglas!
Would you like to provide the hash of the file? That would help us confirm
it's a FP. There's also research about a specific version of Elmedia
Player being trojanized that might provide more insight:
https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/
Best regards,
Lilia
On Tue, Dec 10, 2019 at 9:03 AM Douglas Stinnette <dstinnet at vcu.edu> wrote:
>
> Seems to me that this is a false positive.
> /Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player
> Osx.Trojan.Proton-6352635-0 FOUND
>
> I sent a copy of the file to other vendors to double check it and they
> reported it was not malware.
>
> I have submitted false positives to ClamAV before and never received an
> update on them:
> https://www.clamav.net/reports/fp
>
> What do others do when they get ClamAV false positives?
> Thanks,
> Doug
>
> --
> Doug Stinnette
> VCU Technology Services
> Endpoint Security Specialist
> Virginia Commonwealth University
> 827-0933