I am seeing these mostly on files that comprise the OpenLayers library in phpMyAdmin 4.
On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) <[email protected]> wrote: > Mark, > > Thanks for the feedback, you are right, I am experiencing some high counts > in the Txt.Malware.Agent family. > > I’ve disabled this engine for now. > > -- > Joel Esler | Talos: Manager | [email protected]<mailto:[email protected]> > > > > > > > On Nov 22, 2016, at 12:02 PM, Mark Allan <[email protected]<mailto:m > [email protected]>> wrote: > > Hi all, > > I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] > containing a number of files which ClamAV incorrectly detects as various > strains of Txt.Malware.Agent > > My experience may be slightly skewed, but it seems that the rate of FPs > has increased a lot lately, and they mostly appear to be being caused by > hash-based signatures. I'm wondering if this is related to Joel's recent > admission that the signature generation process is almost entirely > automated now. > > Is it possible that someone is targeting ClamAV and reporting known-clean > files as if they were infected? To what end, I'm not sure, but I can't > shake the feeling that something's not right... > > Mark > > _______________________________________________ > clamav-users mailing list > [email protected]<mailto:[email protected]> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
