[clamav-users] Html.Malware.Agent-7380889-0 false positive on Apache files?
G.W. Haywood
clamav at jubileegroup.co.uk
Thu Nov 14 14:32:55 UTC 2019
Hi there,
On Wed, 13 Nov 2019, Christina Qian wrote:
> Thank you very much for your reply. I just realized that I was on the wrong
> thread though. I meant to ask the reason for the alarms below, or at least
> to confirm it's a false alarm, so I can just exclude the files. Do you or
> anybody on the list has information on this? Thanks.
> ...
> /folder_name/jupyter/miniconda2/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND
> /folder_name/jupyter/miniconda2/pkgs/openssl-1.0.2k-1/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND
> /folder_name/anaconda2/pkgs/openssl-1.0.2k-1/include/openssl/tls1.h:
> YARA.php_malware_hexinject.UNOFFICIAL FOUND
Those files are published in open source packages. If you have any
concerns about them you can always go to the originals and compare.
In my view scanning files in this way causes more problems (and this
is probably one of the most frequent) than it can ever solve.
--
73,
Ged.
More information about the clamav-users
mailing list