[clamav-users] is this realy a positive? Html.Trojan.Exploit-112 FOUND
alvarnell at mac.com
Mon Mar 4 03:57:19 EST 2019
It's been in the database for many years, so doubt that it's invalid, but could still be an FP in your specific case. The signature looks like this:
VIRUS NAME: Html.Trojan.Exploit-112
TARGET TYPE: HTML
bc f3 e3 f2 e9 f0 f4
[I padded the hex string with spaces to prevent this e-mail from being detected].
ClamAV doesn't publish detailed information most of it's signatures. Only the original signature writer might have it in his notes and I doubt he still works for them. Each vendor uses it's own unique name for signatures, so it's no wonder you weren't able to find anything, although I did find this from Dec 2017 which appears to believe it might be a False Positive from a Time Machine backup: <https://forum.qnapclub.de/thread/45902-virenfund-timemachinebackup-wie-finde-ich-die-dateien-auf-dem-macbook/>.
You should upload that file to <https://www.virustotal.com> to help make your case.
Then it should be uploaded to <http://www.clamav.net/reports/fp> so that it get's to the ClamAV signature team for resolution.
You may get faster results if you post the link to VirusTotal results and a hash value for the file back here, to make it easier for all to help resolve it.
> On Mar 4, 2019, at 00:24, Henrik Hoeg Thomsen1 via clamav-users <clamav-users at lists.clamav.net> wrote:
> Our Clamav scan just reported this signature to be forund in one of my syslogarchives.
> Html.Trojan.Exploit-112 FOUND
> My best guess is that it is false-positive, as this filesystem is totally isolated from any interactive user access.
> But where can i find the details behind this alert ?
> Google has no match on this.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3880 bytes
Desc: not available
More information about the clamav-users