[clamav-users] False Positive Detected - Win.Malware.Triusor-6824994-0

Christopher Marczewski cmarczewski at sourcefire.com
Tue Jan 22 11:13:06 EST 2019


Hello Matt,

Thanks for the report. We've dropped the signature & will investigate
further.

On Tue, Jan 22, 2019 at 7:43 AM Matt Muir <matt at clamxav.com> wrote:

> Hi all,
>
> I discovered a false positive detection of Win.Malware.Triusor-6824994-0 in
> the database.  Detection is occurring in fresh installs of macOS 10.10 -
> 10.14 in the following files:
>
>
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ensurepip/_bundled/pip-6.1.1-py2.py3-none-any.whl
>
> and
>
> /Applications/Adobe After Effects CC 2015.3/Plug-ins/MAXON CINEWARE
> AE/(CINEWARE
> Support)/bin/resource/modules/python/Python.osx.framework/lib/python2.7/ensurepip/_bundled/pip-1.5.6-py2.py3-none-any.whl
>
> I’ve submitted a report to the false positive page, the hash is
> 172eb5abab25a5e0f7a7b63c7a49378d.
>
> Cheers,
> Matt
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190122/f8959647/attachment.html>


More information about the clamav-users mailing list