Clamscan found a PE "visor.exe.svn-base" that matched Win.Trojan.Agent-793284 FOUND.
That said, I ran it through virustotal.com, with results here: https://goo.gl/flJl6j (I know, pasting a shortened URL in an AV mailing list :-)

11 of 56 scanners detect a signature. However, the file in question is on a Linux system and hasn't been touched since 2010, so I am not too worried, as it's a homogeneous local LAN of all Linux systems. It's just the first time we've run a clamscan on this box.

Is there a way, or an online tutorial, or some other information, to decompose the signature and the file easily to determine if it's a false positive or not? I realize this is a complete science in and of itself, but I am looking for a way for our tier 0 folks to quickly discern if they need to wake up the whole enterprise at 3am in the future.

Thanks much!

_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
