On 22/01/2010, at 17.33, Török Edwin wrote: > On 01/22/2010 05:42 PM, Jon Bendtsen wrote: >> I do need to worry about your and any other ClamAV installation. The software >> in question is something we programmed and released ourselves. We can not >> have a situation where our customers think our software contains a >> virus/Trojan. >> > > The signature is a PE section MD5 hash: > 25600:bedd56a8c32b0eebc11178708aa6d056:Trojan.Agent-136369 > > So that signature specifically matches one of the sections in your > executable file. > Does your file use some packer/obfuscator/installer?
we use nsis > Malware authors use it often also, so this signature might actually be > the unpacker/installer stub, > and not the malware itself. > > But if this is a software your program and release yourself the answer > is simple: rebuild the software from its sources, > and run clamscan on the new file. If it is still reporting the same > malware, and you are sure you've done the build in a clean environment, > then submit it as false positive here: > http://clamav.net/sendvirus I will do that. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
