[clamav-users] FP with Osx.Trojan.EmPyre-6852410-0
Christopher Marczewski
cmarczewski at sourcefire.com
Thu Feb 14 15:59:43 UTC 2019
Osx.Trojan.EmPyre-6852410-0 has been dropped.
On Wed, Feb 13, 2019 at 9:04 PM Al Varnell <alvarnell at mac.com> wrote:
> Not only that, it's the installer package for an update to the macOS
> Malware Removal Tool and only being detected by ClamAV here:
> <
> https://www.virustotal.com/#/file/c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95a3a8d5d0f1/detection
> >.
>
> Sent from my iPad
>
> -Al-
>
> On Feb 13, 2019, at 14:40, Mark Allan <markjallan at gmail.com> wrote:
>
> Hey folks,
>
> Signature "Osx.Trojan.EmPyre-6852410-0
> <https://www.virustotal.com/gui/search/clamav%253A%2522Osx.Trojan.EmPyre-6852410-0%2522>"
> is generating an FP against a file signed and distributed by Apple.
>
> File hash is
> c81d0180cbfa858d6f3faf445514cbb53675d4f469beaa5638eb95a3a8d5d0f1
>
> Mark
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190214/7719ac2f/attachment.htm>
More information about the clamav-users
mailing list