I see that Daily - 22584 drops three of them: * Txt.Malware.Agent-1811885
* Txt.Malware.Agent-1835895 * Txt.Malware.Agent-1835897 -Al- On Tue, Nov 22, 2016 at 11:17 AM, Maarten Broekman wrote: > > I am seeing these mostly on files that comprise the OpenLayers library in > phpMyAdmin 4. > > On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) <[email protected]> > wrote: > >> Mark, >> >> Thanks for the feedback, you are right, I am experiencing some high counts >> in the Txt.Malware.Agent family. >> >> I’ve disabled this engine for now. >> >> -- >> Joel Esler | Talos: Manager | [email protected]<mailto:[email protected]> >> >> >> >> >> >> >> On Nov 22, 2016, at 12:02 PM, Mark Allan <[email protected]<mailto:m >> [email protected]>> wrote: >> >> Hi all, >> >> I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7] >> containing a number of files which ClamAV incorrectly detects as various >> strains of Txt.Malware.Agent >> >> My experience may be slightly skewed, but it seems that the rate of FPs >> has increased a lot lately, and they mostly appear to be being caused by >> hash-based signatures. I'm wondering if this is related to Joel's recent >> admission that the signature generation process is almost entirely >> automated now. >> >> Is it possible that someone is targeting ClamAV and reporting known-clean >> files as if they were infected? To what end, I'm not sure, but I can't >> shake the feeling that something's not right... >> >> Mark >> >> _______________________________________________ >> clamav-users mailing list >> [email protected]<mailto:[email protected]> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> >> _______________________________________________ >> clamav-users mailing list >> [email protected] >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
