It helps the signature team locate those submitted files faster if you post their hash values here.
-Al-
On Tue, Jul 31, 2018 at 01:53 AM, Albrecht, Peter wrote:
Hello,Since Saturday (2018-07-28) we are seeing many reports from clamscan havingfound (possibly) infected files. I suspect these are false positives because checkingthe files on virustotal.com returns only clamav reporting them as infected.The reported files are mostly jar files used by our applications (e.g. httpclient-*.jar,httpcore-*.jar in different versions). These are the signatures which produce mostof the reports:Html.Malware.Agent-6625161-0Html.Malware.Agent-6625163-0Html.Malware.Agent-6625207-0Html.Malware.Agent-6625208-0Html.Malware.Agent-6625209-0Html.Malware.Agent-6625345-0Currently, we have whitelisted the above signatures. I suspect that it is an errorin the database because that's the only thing that has changed since Friday. Weare using clamav 0.99.4 and 0.100.0 on Linux with a daily update of the virussignatures.I have uploaded the file which generated the most reports yesterday to clamav.netand requested doublechecking if that would be a false positive.Does anybody else see such a behaviour? Any ideas of what might be the reason?Any suggestions what to do? Whitelisting all reported signatures would not be ourpreferred solution ...Thanks a lot,Peter AlbrechtSenior Linux Administrator Wirecard Service Technologies GmbHEinsteinring 35 | 85609 Aschheim | GermanyTel: +49 (0) 89 4424-191076https://www.wirecard.com________________________________________________________________________________________________________Amtsgericht München HRB Nummer 238 150Geschäftsführer: Thomas Neef, Susanne Steidl, Yiannakis IoannouVERTRAULICHE INFORMATIONEN! Diese E-Mail enthält vertrauliche Informationen und ist nur für den berechtigten Empfängerbestimmt. Wenn diese E-Mail nicht für Sie bestimmt ist, bitten wir Sie, diese E-Mail an uns zurückzusenden und anschließendauf Ihrem Computer und Mail-Server zu löschen. Solche E-Mails und Anlagen dürfen Sie weder nutzen, noch verarbeiten oder Dritten zugänglich machen, gleich in welcher Form. Wir danken für Ihre Kooperation!CONFIDENTIAL! This email contains confidential information and is intended for the authorized recipient only. If you are not an authorised recipient please return the email to us and then delete it from your computer and mail-server. You may neither use nor edit any such emails including attachments, nor make them accessible to third parties in any manner whatsoever. Thank you for your cooperation._______________________________________________clamav-users mailing listclamav-users@lists.clamav.nethttp://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-usersHelp us build a comprehensive ClamAV guide:https://github.com/vrtadmin/clamav-faqhttp://www.clamav.net/contact.html#ml