[clamav-users] Mail contains virus ? MBL_162040584.UNOFFICIAL and some errors.

Thomas Barth tbarth at txbweb.de
Fri Jul 22 09:15:00 UTC 2022


Hello,

I use ClamAV unofficial signatures and it seems that I get a false 
positive, I'm not sure. A known person with a Gmail address and MS 
Outlook 16.0 X-Mailer tries to send me a mail with a link to Google Docs 
(Google Sheets) and Amavis refuses to accept this mail. I scanned this 
file in the quarantine again and I get the detection again and some 
other errors.

[more yyerror() ]
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11389 
duplicate identifier "zeroaccess_js4"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11414 
duplicate identifier "zerox88_js2"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11444 
duplicate identifier "zerox88_js3"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11472 
duplicate identifier "zeus_js"
LibClamAV Warning: load_oneyara: yara rule contains too many subsigs 
(1019, max: 64), skipping YARA.Backdoor_PHP_WPVCD_TempExecution
LibClamAV Warning: cli_loadyara: failed to parse or load 70 yara rules 
from file /var/lib/clamav/rfxn.yara, successfully loaded 713 rules.
/root/virusmail.txt: MBL_162693783.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12844114
Engine version: 0.103.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.01 MB (ratio 0.00:1)
Time: 61.839 sec (1 m 1 s)
Start Date: 2022:07:22 10:59:19
End Date:   2022:07:22 11:00:21

I opened the file in the console. It's a multipart message, it contains 
the text and the typical MS HTML part of the message. I can't see where 
the danger lurks.

Any suggestions what I can do?

Thomas B
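
An added example, not part of the original post: a small Python triage of the clamscan output quoted above. It rejoins the mail-wrapped lines and separates the rfxn.yara loading errors from the signature that actually matched. The function names and the "YARA." prefix check are assumptions of this example.

```python
import re

# Constructed sample: clamscan lines taken from the post above, keeping the
# mail client's hard wraps that split one message across two lines.
SAMPLE = """\
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11389
duplicate identifier "zeroaccess_js4"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11472
duplicate identifier "zeus_js"
LibClamAV Warning: load_oneyara: yara rule contains too many subsigs
(1019, max: 64), skipping YARA.Backdoor_PHP_WPVCD_TempExecution
LibClamAV Warning: cli_loadyara: failed to parse or load 70 yara rules
from file /var/lib/clamav/rfxn.yara, successfully loaded 713 rules.
/root/virusmail.txt: MBL_162693783.UNOFFICIAL FOUND
"""

DUP = re.compile(r'yyerror\(\): (\S+) line (\d+) duplicate identifier "([^"]+)"')
SKIP = re.compile(r"too many subsigs \((\d+), max: (\d+)\), skipping (\S+)")
LOAD = re.compile(r"load (\d+) yara rules from file ([^,\s]+), successfully loaded (\d+)")
FOUND = re.compile(r"^(.+): (\S+) FOUND$")

def unwrap(text):
    """Rejoin wrapped output: a record starts at 'LibClamAV ' or a FOUND line."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("-----"):      # scan summary begins, nothing to triage
            break
        if line.startswith("LibClamAV ") or FOUND.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def triage(text):
    """Separate database-loading problems from the signatures that actually hit."""
    rep = {"duplicates": [], "skipped": [], "load": None, "detections": []}
    for rec in unwrap(text):
        if m := DUP.search(rec):
            rep["duplicates"].append((m[1], int(m[2]), m[3]))
        elif m := SKIP.search(rec):
            rep["skipped"].append((m[3], int(m[1]), int(m[2])))
        elif m := LOAD.search(rec):
            rep["load"] = {"file": m[2], "failed": int(m[1]), "loaded": int(m[3])}
        elif m := FOUND.match(rec):
            rep["detections"].append((m[1], m[2]))
    # Assumption: YARA-rule hits carry the "YARA." prefix seen in the skip warning.
    rep["yara_hits"] = [d for d in rep["detections"] if d[1].startswith("YARA.")]
    return rep
```

On the sample, `triage(SAMPLE)` reports every loader error against rfxn.yara, while the one detection is an MBL_ name with no "YARA." prefix, so the two problems can be looked at separately.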



