[clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0
alvarnell at mac.com
Wed Mar 13 07:28:51 EDT 2019
Not sure exactly when this was added to the .ldu database, but by the name it's a Possibly Unwanted Android Application, so unlikely to be found in that many different types of files. The signature looks like this:
> VIRUS NAME: PUA.Andr.Trojan.Generic-6878612-0
> TDB: Engine:51-255,FileSize:1048576-4194304,Target:0
> LOGICAL EXPRESSION: 0
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> HEX: 010002110304211231054151611322718132061491a1b14223241552c16233347282d14307259253f0e1f163733516a2b283264493546445c2a3743617d255 e2
except that I added a space before the last two characters to prevent this e-mail from being detected as infected.
On Mar 13, 2019, at 03:26, vamp898 via clamav-users <clamav-users at lists.clamav.net> wrote:
> Hi there,
> since a few days we get a _lot_ detections for PUA.Andr.Trojan.Generic-6878612-0
> Office Documents, ZIP Docuemnts, JPEG Images (containing nothing as JPEG) are all more and more detected at this type. Not all of them but way too much to see a real pattern what the actual issue is :(
> Is that something known?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clamav-users