[clamav-users] Andr.Dropper.Shedun-6840512-0 false positive ?
Arnaud Jacques
webmaster at securiteinfo.com
Wed Jun 5 08:09:22 UTC 2019
Hello,
Btw, Andr.Dropper.Shedun-6840810-0 has same problem.
Le 04/06/2019 à 09:11, Arnaud Jacques a écrit :
> Hello,
>
> For me, Andr.Dropper.Shedun-6840512-0 seems a false positive :
>
> VIRUS NAME: /tmp/daily/daily.ldb:Andr.Dropper.Shedun-6840512-0
> TDB: Engine:51-255,FileSize:4096-16384,Target:0
> LOGICAL EXPRESSION: 0
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> lvik/system/DexClassLoader;Ljava/io/BufferedOutputStream;Lja
>
> As far as I know, DexClassLoader and BufferedOutputStream are legit
> Java/Android classes, and not malware related.
> What do you think about ?
>
--
Cordialement / Best regards,
Arnaud Jacques
Gérant de SecuriteInfo.com
Téléphone : +33-(0)3.44.39.76.46
E-mail : aj at securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois
More information about the clamav-users
mailing list