Build 26583 for daily.cvd is ready for use. We're also taking additional steps and safety measures to ensure experimental signatures are not eligible for additions to any published CVD.

On Fri, Jun 24, 2022 at 10:36 AM Christopher Marczewski <cmarczewski@sourcefire.com> wrote:
This is a test signature that should have never made it through. We're immediately dropping it and pushing out a new build.

On Fri, Jun 24, 2022 at 9:51 AM Maarten Broekman via clamav-users <clamav-users@lists.clamav.net> wrote:
It's 100% a bad signature and should get removed. 

I just checked the current version of the akismet plugin (https://wordpress.org/plugins/akismet/) from WordPress and it is detected by this signature but by nothing else:

A month ago, this file wasn't detected by anything.

I came in to work to find almost 2000 hits from this signature on zip files ranging from WordPress plugins to zipped up log directories.

--Maarten

On Fri, Jun 24, 2022 at 9:12 AM G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
Hi there,

On Fri, 24 Jun 2022, Cyrille37 wrote:

> I don't understand why, but it appends this morning on already existed files
> (in the wp-cli cache folder) :
>
> Start Date: 2022:06:24 12:15:01
> End Date:   2022:06:24 12:15:17
> /home/caf37-pt/.wp-cli/cache/core/wordpress-5.8.3-fr_FR.zip:
> Archive.Test.Agent2-9953724-0 FOUND
> ...
> I could not find on the web some discussions about
> "Archive.Test.Agent2-9953724-0" except this one
> https://answers.sap.com/questions/13665326/upload-application-content-failed-malware-detected.html

The signature is mentioned in this morning's automated email from the
ClamAV signatures database update process.

I suspect that you're seeing a false positive, that's always a risk
with new or updated signatures.

Perhaps you can upload one of the flagged files to e.g. Jotti's Virus
Scan or VirusTotal to see what a few other scanners make of it.

--

73,
Ged.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975


--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975