The offending signature will be dropped in the next daily.cvd. Until then, I'd suggest adding it to your local ignore database (.ign2). See https://www.clamav.net/documents/whitelist-databases for more information.  

Thanks,
demonduck


On Wed, Feb 5, 2020 at 9:13 AM Maarten Broekman via clamav-users <clamav-users@lists.clamav.net> wrote:
This signature is hitting false positives. It seems to be a relatively old signature, but the subsignatures seem to be rather generic so it's difficult to know why this is supposed to be malicious.

VIRUS NAME: Doc.Downloader.Emotet-7196349-0
TDB: Engine:51-255,Target:2
LOGICAL EXPRESSION: 0&1&2&3&4
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Bedfordshire
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Buckinghamshire
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Cambridgeshire
 * SUBSIG ID 3
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Fantastic
 * SUBSIG ID 4
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Gorgeous


MD5: 6e038caa6be70e02533b0a3c6c223b7d:3536896

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml