This is a test signature that should have never made it through. We're immediately dropping it and pushing out a new build.

On Fri, Jun 24, 2022 at 9:51 AM Maarten Broekman via clamav-users <clamav-users@lists.clamav.net> wrote:
It's 100% a bad signature and should get removed. 

I just checked the current version of the akismet plugin (https://wordpress.org/plugins/akismet/) from WordPress and it is detected by this signature but by nothing else:
https://virusscan.jotti.org/en-US/filescanjob/00ecsxf7es
https://www.virustotal.com/gui/file/8ae9cc337449fd0daa82e3f1c329689ecc4de8905244f97e401be6fe3af33704

A month ago, this file wasn't detected by anything.

I came in to work to find almost 2000 hits from this signature on zip files ranging from WordPress plugins to zipped up log directories.

--Maarten

On Fri, Jun 24, 2022 at 9:12 AM G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
Hi there,

On Fri, 24 Jun 2022, Cyrille37 wrote:

> I don't understand why, but it appends this morning on already existed files
> (in the wp-cli cache folder) :
>
> Start Date: 2022:06:24 12:15:01
> End Date:   2022:06:24 12:15:17
> /home/caf37-pt/.wp-cli/cache/core/wordpress-5.8.3-fr_FR.zip:
> Archive.Test.Agent2-9953724-0 FOUND
> ...
> I could not find on the web some discussions about
> "Archive.Test.Agent2-9953724-0" except this one
> https://answers.sap.com/questions/13665326/upload-application-content-failed-malware-detected.html

The signature is mentioned in this morning's automated email from the
ClamAV signatures database update process.

I suspect that you're seeing a false positive, that's always a risk
with new or updated signatures.

Perhaps you can upload one of the flagged files to e.g. Jotti's Virus
Scan or VirusTotal to see what a few other scanners make of it.

--

73,
Ged.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975