[clamav-users] False positive, My program is recently Started to be flagged with Win.Dropper.Tinba-9943147-0

Christopher Marczewski cmarczewski at sourcefire.com
Mon Jul 11 23:48:59 UTC 2022


Looks like allmatch scanning may be confined to the PUA CVDs if the first
signature alert is a PUA signature, as was the case here.

PUA.Win.Packer.Exe-6 alerted on this sample during the report processing,
but no additional signature alerted. A manual scan without PUA signatures
enabled resulted in the expected FP hit.

I've dropped the signature after examining the binary and will check with
the dev team on this case.

On Mon, Jul 11, 2022 at 5:20 PM Yaron Elharar via clamav-users <
clamav-users at lists.clamav.net> wrote:

> Did anybody from the ClamAV team have the chance to take a look at this?
>
>
>
> On Sun, 10 Jul 2022, 9:27 G.W. Haywood via clamav-users, <
> clamav-users at lists.clamav.net> wrote:
>
>> Hi there,
>>
>> On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote:
>>
>> > I've never seen a user post to that list and I've subscribed to it
>> > for decades. My impression has always been it's for database update
>> > announcements only.
>>
>> You might be right Al but I took the URI from a list post and ISTR that
>> a while back Micah suggested it as a way to report FPs which might get
>> a quicker response than using the Web form or the submission utility.
>>
>> But these ol' neurones aren't what they used to be.
>>
>> --
>>
>> 73,
>> Ged.
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>>


-- 
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975