It's not unusual to see such things on machines running multiple A-V software packages. Vendors do their best to obfuscate and protect signatures for that reason, but it usually happens during updates when the signatures are unpacked to a tmp area as plain text before moving them to a protected area. If both are using the same strings as signatures, they will undoubtedly see such updates as matching.

-Al-

On Sat, Oct 13, 2018 at 09:40 AM, Jean-Francois Tasse wrote:

no, when I wanted to get it out of quarantine I was unable to get it because it came from a tmp folder during the update. I have attached a screenshot to this email, that is the best I can do. To translate it, it's saying that it is a trojan that is downloading other programs.

I have 3 virtual machine with Avast, AVG and Avira, I will see if I can reproduce it with the other antivirus. Up to now AVG did not see anything wrong.

JF

De : clamav-users <clamav-users-bounces@lists.clamav.net> de la part de Alain Zidouemba <azidouemba@sourcefire.com>
Envoyé : 13 octobre 2018 11:59:57
À : ClamAV users ML
Objet : Re: [clamav-users] Malware alert???

Do you have the specific signature name that alerted?

-Alain

On Oct 13, 2018, at 11:12 AM, Matthes, Marc <matthes@iowacentral.edu> wrote:

Same here

Marc Matthes

Director of Computer Networking Programs

Iowa Central CC

5155741099

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Jean-Francois Tasse <jft_quebec@hotmail.com>
Sent: Saturday, October 13, 2018 10:10:56 AM
To: ClamAV users ML
Subject: [clamav-users] Malware alert???

Today during ClamWin update:

main.cvd version 58

daily.cvd version 25033

bytecode version 327

Windows Defender stopped the update process saying that "TrojanDownloader:JS/Nemucod" was present. Scanned all of my system nothing found and tried updating ClamWin again and everything was ok.

anyone else got a weird message like that today?

JF