The signature was just added yesterday in daily:21498 and yes it is an MD5 of size 892 bytes, so it could well be an FP.
Not sure what you mean by “automatic created md5 Signature” and given that it’s a JavaScript I don’t know how you can conclude it’s contents “looks ok”, but you did the right thing by submitting it for consideration. AegisLab also seems to think it’s infected, but VT believes it’s “Probably harmless!": <https://www.virustotal.com/en/file/1f6d3e09969916e203c940124ef19b654464ed322c756530e1bcb1267cc93e2c/analysis/> This should be self evident, but for the ClamAV Signature Team’s Info: MD5=585005690e530e8047374cf14e479281 -Al- On Wed, Apr 20, 2016 at 12:02 AM, Hajo Locke wrote: > > Hello, > > there seems to be a new FP within a Wordpress Plugin. > Download ist here: > https://jetpack.com/install/?from=wporg > http://downloads.wordpress.org/plugin/jetpack.latest-stable.zip > > File jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js > is reported as Win.Trojan.Agent-1395367 > > Seems to be an automatic created md5 Signature, because content of file looks > ok > http://pastebin.com/zi2TcJJF > > I already reported this as FP at http://www.clamav.net/reports/fp > I hope to get this fixed fast because our costumers use this plugin a lot and > i dont want to make a new global whitelisting. > > Thanks, > Hajo
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
