[clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0

Al Varnell alvarnell at mac.com
Wed Mar 13 07:28:51 EDT 2019


Not sure exactly when this was added to the .ldu database, but by the name it's a Possibly Unwanted Android Application, so unlikely to be found in that many different types of files. The signature looks like this:

> VIRUS NAME: PUA.Andr.Trojan.Generic-6878612-0
> TDB: Engine:51-255,FileSize:1048576-4194304,Target:0
> LOGICAL EXPRESSION: 0
>  * SUBSIG ID 0
>  +-> OFFSET: ANY
>  +-> SIGMOD: NONE
>  +-> HEX: 010002110304211231054151611322718132061491a1b14223241552c16233347282d14307259253f0e1f163733516a2b283264493546445c2a3743617d255 e2

except that I added a space before the last two characters to prevent this e-mail from being detected as infected.

-Al-


On Mar 13, 2019, at 03:26, vamp898 via clamav-users <clamav-users at lists.clamav.net> wrote:
> Hi there,
> 
> since a few days we get a _lot_ detections for PUA.Andr.Trojan.Generic-6878612-0
> 
> Office Documents, ZIP Docuemnts, JPEG Images (containing nothing as JPEG) are all more and more detected at this type. Not all of them but way too much to see a real pattern what the actual issue is :(
> 
> Is that something known?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190313/e8cd19e0/attachment.html>


More information about the clamav-users mailing list