[clamav-users] libclamunrar.dll being quarantined by Vipre Enterprise
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Feb 18 18:24:04 UTC 2020
Thanks for the heads up Brian!
We've reached out to Microsoft to attempt to address the issue. I will also reach out to the UnRAR developer to make sure he is aware. Even if Microsoft changes their detection, I suspect the others will continue to alert and we may want to reach out to some of the other companies to correct the FP.
-Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On 2/18/20, 9:18 AM, "clamav-users on behalf of Steve Basford" <clamav-users-bounces at lists.clamav.net on behalf of steveb_clamav at sanesecurity.com> wrote:
On 2020-02-18 13:58, Brian Fluet wrote:
> File libclamunrar.dll from ClamAV 0.102.2 win x86 portable is being
> quarantined by Sunbelt Vipre Enterprise as Trojan.GenericKD.42582612.
>
> The first detection was at 5:44 PM EST on Friday Feb 14.
>
> Microsoft is the only product that flags it as infected on VirusTotal
> as Trojan:Win32/Detplock.
>
> I submitted the file as a false positive to Sunbelt yesterday but
> have not heard back.
>
> I apologize if this ends up being a duplicate post. I attempted one
> yesterday that has not appeared in the archives.
>
SHA-256
8244bc93e71a78be156adf1bfef0785b4f3cd6725d095ffe7ed528ff08e8458c
Other AV's are also flagging... but maybe the same FP signature:
https://www.virustotal.com/gui/file/8244bc93e71a78be156adf1bfef0785b4f3cd6725d095ffe7ed528ff08e8458c/detection
--
Cheers,
Steve
Sanesecurity
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list