[clamav-users] ClamAV has detected Pdf.Phishing.CWS4c384287-9890237-0
Andreas Rulle
andreas.rulle at itek.de
Tue Sep 14 11:10:14 UTC 2021
Hello ClamAV-Team,
thank you that you have evaluated the reported file again, as it has
been announced in your email reply to the false positive report.
During the last security scan it has been marked as
Pdf.Malware.Agent-9892145-0, as it is now on virustotal.com, see [1].
The relations tab on virustotal shows that the following URL has been
contacted:
https://ardownload3.adobe.com/pub/adobe/reader/win/AcrobatDC/2100520060/AcroRdrDCUpd2100520060_MUI.msp
<https://www.virustotal.com/gui/url/7c4e67e54d907af04cc1d8acaa55d85a4a9576e6bb3bb7a8f593b805ee6853ae>
This URL seems to point to the last Acrobat Reader download that includes a
security patch. No security vendors flagged this URL as malicious, see [2].
There are questions that we have at the moment. What is the best way to
explain to external partners why the file is a threat and what concrete
harm it can cause?
It would be really great if you could give us a hint to answer those
questions.
With best regards,
Andreas
[1]: https://www.virustotal.com/gui/file/d35e58f4654ce1c72c76693b8b3d29132bc7e5d9ed3219e0c16d1cbb309235a4/
[2]: https://www.virustotal.com/gui/url/7c4e67e54d907af04cc1d8acaa55d85a4a9576e6bb3bb7a8f593b805ee6853ae/detection