Hi Alain,

That is nice to know. I am still trying to learn what files are detected across our systems.

/Users/smstiffler/Library/Application Support/zoom.us/zoom.us.app/Contents/Frameworks/annoter.bundle/Contents/MacOS/annoter Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

Could you let me know the name of the next update?

Any suggestions on how I can restore the files locally?

Thanks,

Doug

On Thu, Jan 9, 2020 at 12:41 PM Alain Zidouemba <azidouemba@sourcefire.com> wrote:

Confirming that those are false positives, thanks for reporting. The offending signature has been dropped. This should be reflected in the next signature update.

- Alain

On Thu, Jan 9, 2020 at 12:29 PM Douglas Stinnette <dstinnet@vcu.edu> wrote:
This definition is detecting many files that appear to be safe.
Has anyone else seen this?
I have had no luck in getting ClamAV to address false positives in the past.

Files and paths I have seen so far but it seems to increase:
/Library/Application Support/Adobe/Adobe Desktop Common/ExchangePlugin/ExchangePluginDylib.dylib Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
/Library/Frameworks/iTunesLibrary.framework/Versions/A/XPCServices/com.apple.iTunesLibraryService.xpc/Contents/MacOS/com.apple.iTunesLibraryService Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
/Applications/Publisher Lite.app/Contents/Frameworks/iMedia.framework/Versions/A/iMedia Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
/Applications/TeX/TeXShop.app/Contents/MacOS/TeXShop Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
/Applications/Citrix Workspace.app/Contents/Resources/Templates/Citrix Viewer.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
/Applications/Citrix Workspace.app/Contents/Resources/Templates/DockApplication.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices Osx.Adware.TotalAdviseSearch-7489207-0 FOUN
/Library/Application Support/Citrix Receiver/Citrix Workspace Updater.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices Osx.Adware.TotalAdviseSearch-7489207-0 FOUND
usr/local/libexec/ReceiverHelper.app/Contents/Frameworks/ICAServices.framework/Versions/A/ICAServices Osx.Adware.TotalAdviseSearch-7489207-0 FOUND

--

Douglas Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Douglas Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.