Sorry for all the confusion. My testing earlier today was in error.

OpenSSH version 7.2_p2 is in fact included with macOS Sierra 10.12 and includes 
the ssh-agent process which tests as infected with Win.Trojan.Agent-1760811 and 
is therefore a False Positive. 

I have submitted it to the web site at this time and has an MD5 of 

Virus Total shows only ClamAV detection:

This is the third FP submitted in the last two days where ClamAV is the only 
scanner on VT showing infection of a legitimate commercial software file, so I 
have to wonder if there is some systemic issue with the signature automation 
process now.


On Tue, Oct 11, 2016 at 08:11 PM, Al Varnell wrote:
> Heard back from one user that they have OpenSSH_7.2p2, LibreSSL 2.4.1 
> installed, which is not part of any standard OS X/macOS installation. I know 
> where I can get 7.2p1 (MacPorts) but no idea where his 7.2p2 came from.
> -Al-
> On Tue, Oct 11, 2016 at 06:56 PM, Al Varnell wrote:
>> Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a 
>> component of SSH that’s included with OS X/macOS.
>> I’m still trying to track down a sample of the version involved here.
>> -Al-
>> On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote:
>>> I do not have a sample of ssh-agent to upload yet, so with nothing to 
>>> upload, I cannot file.
>>> The MD-5 of the file is the signature.
>>> Sent from Janet's iPad
>>> -Al-

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Help us build a comprehensive ClamAV guide:

Reply via email to