On 22 July 2022 10:15:27 Thomas Barth via clamav-users <clamav-users@lists.clamav.net> wrote:

Hello,

I use ClamAV unofficial signatures and it seems that I get a false 
positive, I'm not sure. A known person with a Gmail address and MS 
Outlook 16.0 X-Mailer tries to send me a mail with a link to Google Docs 
(Google Sheets) and Amavis refuses to accept this mail. I scanned this 
file in the quarantine again and I get the detection again and some 
other errors.

[more yyerror() ]
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11389 
duplicate identifier "zeroaccess_js4"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11414 
duplicate identifier "zerox88_js2"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11444 
duplicate identifier "zerox88_js3"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 11472 
duplicate identifier "zeus_js"
LibClamAV Warning: load_oneyara: yara rule contains too many subsigs 
(1019, max: 64), skipping YARA.Backdoor_PHP_WPVCD_TempExecution
LibClamAV Warning: cli_loadyara: failed to parse or load 70 yara rules 
from file /var/lib/clamav/rfxn.yara, successfully loaded 713 rules.
/root/virusmail.txt: MBL_162693783.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12844114
Engine version: 0.103.6
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.01 MB (ratio 0.00:1)
Time: 61.839 sec (1 m 1 s)
Start Date: 2022:07:22 10:59:19
End Date:   2022:07:22 11:00:21

I opened the file in the console. It's a multipart message, it contains 
the text and the typical MS HTML part of the message. I can't see where 
the danger lurks.

Any suggestions on what I can do?

Thomas B



Hi Thomas, 

The yara rule errors are due to ClamAV's built-in yara engine not fully understanding the yara files. 

The MBL_162693783 sig is the one to check. 

If you use sigtool to decode the sig you'll see what it's looking for. 

MBL used to block Google Docs links... so maybe that's why. 

If you need to, you can put the signature name in an ignore (.ign2) file and reload clamd, but only do this once you have seen the sig decode. 

Cheers,

Steve
Twitter: @sanesecurity
Sanesecurity.com
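The review-then-whitelist procedure Steve describes (decode the signature with sigtool, read what it matches on, and only then list it in a .ign2 file and reload clamd), as an added example script that is not part of this thread and not Sanesecurity's or ClamAV's own tooling. It assumes the ClamAV command-line tools are installed, that the databases live in /var/lib/clamav, and that .ign2 entries use the bare signature name as stored in the database (the ".UNOFFICIAL" suffix is appended by the scanner at report time for third-party databases); the file name local.ign2 is a conventional choice, not a requirement.

```shell
#!/bin/sh
# Added example (not from the thread): review a third-party ClamAV signature
# that fired on a quarantined mail, then whitelist it only after reading the
# decode. Usage: sh review-sig.sh MBL_162693783.UNOFFICIAL [/var/lib/clamav]
set -eu

# clamscan reports unofficial detections as NAME.UNOFFICIAL, but the database
# (and therefore a .ign2 file) uses the bare NAME. Assumption: this matches
# the name printed by `sigtool --find-sigs`.
ign2_name() {
    printf '%s\n' "$1" | sed 's/\.UNOFFICIAL$//'
}

# Print the raw signature line(s) from the database directory and their
# decoded form, so you can see which strings or bytes the signature matches.
show_sig() {
    sigtool --datadir="$2" --find-sigs="$1" | sigtool --decode-sigs
}

# Append the bare name to local.ign2 in the database directory, without
# duplicating an entry that is already there. Reloading clamd is a separate
# step so this function can be exercised without a running daemon.
whitelist_sig() {
    name=$(ign2_name "$1")
    ign="$2/local.ign2"
    if ! grep -qxF -- "$name" "$ign" 2>/dev/null; then
        printf '%s\n' "$name" >> "$ign"
    fi
}

# Main flow only runs when a signature name is given on the command line.
if [ -n "${1:-}" ]; then
    dbdir=${2:-/var/lib/clamav}
    show_sig "$(ign2_name "$1")" "$dbdir"
    printf 'Add %s to %s/local.ign2? [y/N] ' "$1" "$dbdir"
    read -r answer
    case $answer in
        y|Y)
            whitelist_sig "$1" "$dbdir"
            # Ask the running daemon to reload its databases so the .ign2
            # entry takes effect for Amavis without a clamd restart.
            clamdscan --reload
            ;;
    esac
fi
```

Run it with the exact name from the clamscan report; the decode is printed first so the decision to whitelist is made with the signature's actual content in front of you, and the entry is only written after an explicit confirmation.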