Thank you for taking a look, my understanding of this is also limited, but I'm using 0.105.0.0

With these signatures

ClamAV update process started at Sat Jul 9 19:32:19 2022
daily.cvd database is up-to-date (version: 26596, sigs: 1989075, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

and this version still flags it, I didn't want to create a new email to the

https://lists.clamav.net/mailman/listinfo/clamav-virusdb

Not to create a duplicate, but it might be necessary
maybe there they can help to understand what is happening

On Sat, Jul 9, 2022 at 7:26 PM G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi there,

On Sat, 9 Jul 2022, Al Varnell via clamav-users wrote:

> ...
> ----------- SCAN SUMMARY -----------
> Known viruses: 12318966
> Engine version: 0.104.1
> ...
> ... it would appear that there is a valid False Positive entry in
> the database for four different files ...
> ...
> So why it's being detected remains a mystery!

A guess: I see you're still using 0.104.1, maybe upgrade your ClamAV?

|| https://blog.clamav.net/2022/03/clamav-01050-release-candidate-now.html
||
|| "Fixed an issue causing byte-compare sub-signatures to cause an alert
|| when they match even if other conditions of the given logical
|| signatures were not met."

--

73,
Ged.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat