[clamav-users] Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
Douglas Stinnette
dstinnet at vcu.edu
Thu Jan 9 18:03:23 UTC 2020
Hi Alain,

That is nice to know. I am still trying to learn what files are detected
across our systems.

/Users/smstiffler/Library/Application Support/zoom.us/zoom.us.app/Contents/Frameworks/annoter.bundle/Contents/MacOS/annoter
Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

Could you let me know the name of the next update?
Any suggestions on how I can restore the files locally?

Thanks,
Doug

On Thu, Jan 9, 2020 at 12:41 PM Alain Zidouemba <azidouemba at sourcefire.com>
wrote:
> Confirming that those are false positives, thanks for reporting. The
> offending signature has been dropped. This should be reflected in the next
> signature update.
>
> - Alain
>
> On Thu, Jan 9, 2020 at 12:29 PM Douglas Stinnette <dstinnet at vcu.edu>
> wrote:
>
>> This definition is detecting many files that appear to be safe.
>> Has anyone else seen this?
>> I have had no luck in getting ClamAV to address false positives in the
>> past.
>>
>> Files and paths I have seen so far but it seems to increase:
>> /Library/Application Support/Adobe/Adobe Desktop Common/ExchangePlugin/ExchangePluginDylib.dylib
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Publisher Lite.app/Contents/Frameworks/iMedia.framework/Versions/A/iMedia
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/TeX/TeXShop.app/Contents/MacOS/TeXShop
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Citrix Workspace.app/Contents/Resources/Templates/Citrix Viewer.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Applications/Citrix Workspace.app/Contents/Resources/Templates/DockApplication.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> /Library/Application Support/Citrix Receiver/Citrix Workspace Updater.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>> usr/local/libexec/ReceiverHelper.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices
>> Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
>>
>> --
>> Douglas Stinnette
>> VCU Technology Services
>> Endpoint Security Specialist
>> Virginia Commonwealth University
>> 827-0933
>>
>> Don't be a phishing victim - VCU and other reputable organizations will
>> never use email to request that you reply with your password, Social
>> Security number or confidential personal information. For more details
>> visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml