Nice responses, here is the hash f9933dfc18107383b4093206daba283d106f86acb6284c92632f5a43143040c6
I provided the file in question to F-Secure, Microsoft and Sophos labs for manual review and they returned no threat.

Odd that Microsoft still reports a threat on VirusTotal; my guess is that it is due to autodetection.
https://www.virustotal.com/gui/file/f9933dfc18107383b4093206daba283d106f86acb6284c92632f5a43143040c6/detection 

Look forward to your thoughts.
Thanks,
Doug 

On Tue, Dec 10, 2019 at 11:33 AM Eric Tykwinski <eric-list@truenet.com> wrote:

Found an article on it:

https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/

 

 

 

From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Al Varnell via clamav-users
Sent: Tuesday, December 10, 2019 11:25 AM
To: ClamAV users ML
Cc: Al Varnell
Subject: Re: [clamav-users] Elmedia Player.app detection

 

That signature has been in the database since Oct 20, 2017 and is a hash signature, so there's little chance of it being an FP.

[daily.hsb] 17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73



-Al-

ClamXAV User

 

On Tue, Dec 10, 2019 at 06:02 AM, Douglas Stinnette wrote:

Seems to me that this is a false positive.
/Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player  Osx.Trojan.Proton-6352635-0 FOUND

 

I sent a copy of the file to other vendors to double check it and they reported it was not malware.

I have submitted false positives to ClamAV before and never received an update on them:
https://www.clamav.net/reports/fp 

What do others do when they get ClamAV false positives?
Thanks,
Doug

 

 

 


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--


Doug Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933

 

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
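
Added example (not part of the original thread and not ClamAV's own code): a small parser for the `HashString:FileSize:MalwareName[:MinFL]` entry quoted from daily.hsb above, plus a check that tells a size mismatch from a hash mismatch, which matters here because the signature is an MD5 with a file size while the hash posted in the reply is 64 hex characters long. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
from typing import NamedTuple, Optional

# In .hdb/.hsb entries the hash algorithm is implied by the hex digest length.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}

class HashSig(NamedTuple):
    algo: str
    digest: str
    size: Optional[int]    # None when the size field is "*" (any size)
    name: str
    flevel: Optional[int]  # optional minimum functionality level

def parse_hash_sig(line: str) -> HashSig:
    """Parse 'HashString:FileSize:MalwareName[:MinFL]', dropping a '[db]' prefix."""
    line = line.strip()
    if line.startswith("["):               # e.g. "[daily.hsb] ..." as quoted in the thread
        line = line.split("]", 1)[1].strip()
    fields = line.split(":")
    if len(fields) not in (3, 4):
        raise ValueError("expected 3 or 4 colon-separated fields")
    digest, size, name = fields[0].lower(), fields[1], fields[2]
    if len(digest) not in ALGO_BY_HEXLEN or set(digest) - set("0123456789abcdef"):
        raise ValueError("not an MD5/SHA1/SHA256 hex digest")
    return HashSig(ALGO_BY_HEXLEN[len(digest)], digest,
                   None if size == "*" else int(size), name,
                   int(fields[3]) if len(fields) == 4 else None)

def check(sig: HashSig, data: bytes) -> str:
    """Return 'match', 'size mismatch' or 'hash mismatch' for one file's bytes."""
    if sig.size is not None and len(data) != sig.size:
        return "size mismatch"             # cheap test first, before hashing
    if hashlib.new(sig.algo, data).hexdigest() != sig.digest:
        return "hash mismatch"
    return "match"

# Signature exactly as quoted in the thread.
THREAD_SIG = parse_hash_sig(
    "[daily.hsb] 17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73")

# Constructed sample bytes and a constructed signature for them (not real malware).
SAMPLE = b"constructed sample contents\n"
SAMPLE_SIG = parse_hash_sig(
    f"{hashlib.sha256(SAMPLE).hexdigest()}:{len(SAMPLE)}:Test.Constructed-0:73")

if __name__ == "__main__":
    print(THREAD_SIG)
    print(check(SAMPLE_SIG, SAMPLE), check(SAMPLE_SIG, SAMPLE + b"x"), check(THREAD_SIG, SAMPLE))
```

To test a file on disk, read it in binary mode and pass the bytes to `check` together with the parsed signature.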