[clamav-users] Faux positif ClamAV
Arnaud Jacques
webmaster at securiteinfo.com
Mon Jun 3 08:50:31 UTC 2019
Hello Lionel,
> L'exécutable en question est le fichier "*jfxrt.jar*" (Java FX Runtime
> JAR File) et il est considéré comme "*PUA.Andr.Adware.Dowgin-6888245-0*"
> par ClamAV alors qu'aucun autre antivirus ne le voit comme une menace
> (testé avec VirusTotal).
If you look at the screenshot of Virustotal you sent, you can see that
Clamav does not detect the sample.
On my own Linux computer I cannot reproduce your problem :
# sha256sum jfxrt.jar
2a554529f3556cc79c2e42e22a467cc5f189bd2c73ba626cf66908a1d6474034 jfxrt.jar
# clamscan -V
ClamAV 0.100.3/25468/Sun Jun 2 10:00:03 2019
# clamscan --detect-pua jfxrt.jar --max-filesize=3000000000
--max-scansize=3000000000 --max-scriptnormalize=3000000000
--max-htmlnormalize=3000000000 --max-recursion=30 --max-embeddedpe=300M
jfxrt.jar: OK
----------- SCAN SUMMARY -----------
Known viruses: 8924964
Engine version: 0.100.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 26.12 MB
Data read: 17.59 MB (ratio 1.48:1)
Time: 114.523 sec (1 m 54 s)
Are you up-to-date ? What is your version of Clamav ? What is your
version of signature databases ?
--
Cordialement / Best regards,
Arnaud Jacques
Gérant de SecuriteInfo.com
Téléphone : +33-(0)3.44.39.76.46
E-mail : aj at securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
More information about the clamav-users
mailing list