I have no what the verification process might be, if it even exists.

According to VirusTotal's Relationships Information on this file, "While 
monitoring an end-user machine in-the-wild, CarbonBlack noticed the following 
files in execution wrote this sample to disk." so my guess would be that ClamAV 
picked this up from VirusTotal. What little I know about CarbonBlack is that it 
tends to identify anything it doesn't know about as suspicious.

If you have information that indicates it's a legitimate file and where it came 
from, then you should both upload it to <http://clamav.net/reports/fp> with an 
explanation as well as post that information back here.


On Tue, Mar 06, 2018 at 09:23 PM, Lindon Ng wrote:
> Hello,
> I would like to ask on how the virus definitions are actually verified?
> As a malware that I am looking at seems to be only detectable by ClamAV and 
> not other anti viruses on virustotal. Is this likely to be a false positive 
> or is it possible to ask why this malware is being flagged out only by ClamAV?
> The signature definition is: 
> aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73. It was 
> released on 16 Jan 2017.
> Thank you.
> Cheers,
> Lindon Ng

Attachment: smime.p7s
Description: S/MIME cryptographic signature

clamav-users mailing list

Help us build a comprehensive ClamAV guide:


Reply via email to