On 2011-01-19 22:00, Christopher X. Candreva wrote: > On Wed, 19 Jan 2011, Christopher X. Candreva wrote: > >> On Wed, 19 Jan 2011, Roy McMorran wrote: >> >>> The virus submission page won't let me upload my sample though - "Result: >>> This >>> file is not detected by ClamAV". How can this be? >> >> I've just tried to submit a virus sample and am running into the same issue. > > > I should clarify - a FALSE POSITIVE sample for BC.PDF.Producer.JSHIP > >> Some testing shows that neither clamscan not clamdscan will flag it as a >> virus, either the .pdf itself or the message in mbox format. >> >> However, clamav-milter blocks it with this name. BC.PDF.Producer.JSHIP > > I'm guesing the web site passes it to clamscan/clamdscan, which says it's > OK, and is why the web site tell us it's not recognized.
Yes. If I scan the file on my box it says "OK" too. Apparently only big-endian architectures show this false positive: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2478 > > >> Is there an alternate way to get a sample to the team ? Opened a bug about this: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2477 For now I got samples via private mail, and I think I figured out what is wrong, bytecode 122 should have a workaround for the bug. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
