Hey Douglas!

Would you like to provide the hash of the file? That would help us confirm it's a FP. There's also research about a specific version of Elmedia Player being trojanized that might provide more insight: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/

Best regards,
Lilia

On Tue, Dec 10, 2019 at 9:03 AM Douglas Stinnette <dstinnet@vcu.edu> wrote:

Seems to me that this is a false positive.
/Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player  Osx.Trojan.Proton-6352635-0 FOUND

I sent a copy of the file to other vendors to double check it and they reported it was not malware.

I have submitted false positives to ClamAV before and never received an update on them:
https://www.clamav.net/reports/fp

What do others do when they get ClamAV false positives?
Thanks,
Doug

--


Doug Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933

 



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

