I’m hearing from a couple of ClamXav users that several applications are being identified as infected with Win.Adware.Softpulse-215. All these applications contain the StuffIt framework.
I’ve uploaded the StuffIt Expander.app.zip to the ClamAV FP page with MD5 44f5ab1439a9c9c06b46aeb31b265e1e which included infected frameworks as follows: (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sit5.exe) = ebe780c5859a324995f9603276e5b4fa (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]sitx.exe) = a9d1a8144b8ce0b3637ab11dcd48638d (/Applications/StuffIt Expander.app/Contents/Frameworks/StuffIt.framework/Versions/B/Resources/[self]zip.exe) = 7f55eba65a7a91081f2a8ecaa4bf5dc7 For some reason VirusTotal ClamAV identifies it as Win.Adware.Softpulse-218 <https://www.virustotal.com/en/file/9bca9c9581182d3d6ed015179a12f68c94fa21b11cb3ef98a16265cd70fd7032/analysis/1453098213/> This definition was included in Friday’s daily.cvd Version: 21262, and I have received additional reports of FP’s on the following signatures but do not have access to samples at this time: Adware.Browsefox-12346 Win.Trojan.Agent-953862 Win.Adware.Agent-59030 Swf.Exploit.CVE_2015_5122-1 -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
