I see that Daily - 22584 drops three of them:

* Txt.Malware.Agent-1811885
* Txt.Malware.Agent-1835895
* Txt.Malware.Agent-1835897

-Al-

On Tue, Nov 22, 2016 at 11:17 AM, Maarten Broekman wrote:
>
> I am seeing these mostly on files that comprise the OpenLayers library in
> phpMyAdmin 4.
>
> On Tue, Nov 22, 2016 at 2:11 PM, Joel Esler (jesler) <jes...@cisco.com>
> wrote:
>
>> Mark,
>>
>> Thanks for the feedback, you are right, I am experiencing some high counts
>> in the Txt.Malware.Agent family.
>>
>> I’ve disabled this engine for now.
>>
>> --
>> Joel Esler | Talos: Manager | jes...@cisco.com
>>
>> On Nov 22, 2016, at 12:02 PM, Mark Allan <markjal...@gmail.com> wrote:
>>
>> Hi all,
>>
>> I've just submitted a zip file [MD5 ec585bf6626a5a3649726bde4e00a3f7]
>> containing a number of files which ClamAV incorrectly detects as various
>> strains of Txt.Malware.Agent
>>
>> My experience may be slightly skewed, but it seems that the rate of FPs
>> has increased a lot lately, and they mostly appear to be being caused by
>> hash-based signatures. I'm wondering if this is related to Joel's recent
>> admission that the signature generation process is almost entirely
>> automated now.
>>
>> Is it possible that someone is targeting ClamAV and reporting known-clean
>> files as if they were infected? To what end, I'm not sure, but I can't
>> shake the feeling that something's not right...
>>
>> Mark
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml

-Al-
--
Al Varnell
Mountain View, CA