Hi,

One of my teammates recently got notified about (more) trojans since the 21640 update
http://lists.clamav.net/pipermail/clamav-virusdb/2016-May/002964.html

A derived version of jquery-1.2.6.pack.js now matches a known signature:

# download original JQ
$ wget http://code.jquery.com/jquery-1.2.6.pack.js
# play with whitespace to match SVN raw file
$ sed -r -e 1i$'\x0a' -e '/Date:|Rev:/s/ \$$//' -e '/Date:|Rev:/s/\$//' jquery-1.2.6.pack.js > jquery-1.2.6.pack.mod.js
$ clamscan jquery-1.2.6.pack.mod.js
> Win.Trojan.Agent-1430626 FOUND

Given the importance of today's (closed-source) JavaScript in computing tasks, that makes sense. But I fear this wasn't expected.

Out of curiosity, how/who/why does it come from? How many such false positives does the DB possibly contain already?

best regards
