[clamav-users] Not detecting valid malicious file if the zip file contains corrupted zip file

Benny Pedersen me at junc.eu
Thu Jan 10 10:42:13 EST 2019


Vijayakumar U skrev den 2019-01-10 15:42:

> When a malicious file is inside zip file and if zip file contains some
> other corrupted zip file, the malicious file is not filtered as virus.

+1

please start using foxhole 3dr party signatures to stop this malwares 
with double packed archives

> Sample link - ZXW2.6-Blackfish2.0.zip -
> https://drive.google.com/drive/folders/129LvUWJNnp_P-qzXIxA5nqlyS0lnraQB

ZXW2.6.exe is undetected on gdrive, so it can be downloaded, on 
virustotal.com its detected on 18 out of 68 scanners :)

i have sent this file to http://www.clamav.net/reports/malware as a 
false negative

thanks for reporting and using clamav



More information about the clamav-users mailing list