[clamav-users] Massive amount of false positives on Html.Trojan.Iframe-6390207-0 / Html.Trojan.Iframe-6390207-0

Wed, 06 Dec 2017 08:55:15 -0800 

VIRUS NAME: Html.Trojan.Iframe-6390207-0
TDB: Engine:51-255,FileSize:16384-65536,Target:3
LOGICAL EXPRESSION: 0
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
><img src="images/pixel_trans.gif" border="0" alt="" width="100%

Question: how is that even something to be 'suspicious' of? There is zero
context around it let alone match on an iframe tag.

Similarly:
VIRUS NAME: Html.Trojan.Hidelink-6390190-0
TDB: Engine:51-255,FileSize:16384-65536,Target:0
LOGICAL EXPRESSION: 0
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
<![CDATA[ */
var dropdown = document.getElementById("cat");
fu

This seems like a common technique for generating dropdown menus for in CMS
applications.

Maarten
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to