JAR files can be unpacked like tarballs so it is likely that there is a common file in each that matches those hashes.

Maarten

Sent from a tiny keyboard

> On Aug 7, 2018, at 04:54, Albrecht, Peter <peter.albre...@wirecard.com> wrote:
>
> Hi,
>
>> I don't see how that is even remotely possible. They are three completely
>> different hash signatures:
>>
>> [daily.hsb] 9027093eab2a193081a763001e947371:4292:Html.Malware.Agent-6625344-0:73
>> [daily.hsb] 5591165097d53565d4e5f4e9fda8241a:7367:Html.Malware.Agent-6625164-0:73
>> [daily.hsb] f4116176a108054001a0e29e2ea105e6:6996:Html.Malware.Agent-6625283-0:73
>>
>> You should have already submitted this file to ClamAV as a false positive,
>> so what was its MD5 hash?
>
> I have submitted two files which have been reported. Their MD5 sums are:
>
> 88cc3123fce88d61b7c2cdbfc33542c5 httpclient-4.3.3.jar
> 9221d898bfa2fa19fa9bc307351f34a1 storm-submit-tools-1.1.1.jar
>
> Strangely, they are reported with the same signature. And after whitelisting
> the first one, the second one is reported. And then the third ...
>
> This started about 10 days ago, nothing has been reported before that.
>
> Thanks,
>
> Peter Albrecht
> Senior Linux Administrator
>
> Wirecard Service Technologies GmbH
> Einsteinring 35 | 85609 Aschheim | Germany
> Tel: +49 (0) 89 4424-191076
> https://www.wirecard.com
>
> Munich District Court, HRB number 238 150
>
> Managing Directors: Thomas Neef, Susanne Steidl, Yiannakis Ioannou
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
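
An added example, not part of the original thread: a Python sketch that checks every member of a JAR against `hash:size:name` signature lines like the `daily.hsb` entries quoted above, to find which bundled file causes the match. The sample JARs, member names and the `Constructed.Test.Sig-0` signature are constructed for illustration; signatures with a `*` size wildcard are skipped.

```python
import hashlib
import io
import zipfile

def parse_hsb(lines):
    """Parse hash:size:name[:flevel] lines into {(md5_hex, size): name}."""
    sigs = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 3 or fields[1] == "*":  # size wildcard not handled here
            continue
        sigs[(fields[0].lower(), int(fields[1]))] = fields[2]
    return sigs

def jar_member_hits(jar, sigs):
    """Return [(member, signature)] for archive members matching on MD5 and size."""
    sizes = {size for _, size in sigs}
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            # Only decompress members whose declared size some signature uses.
            if info.is_dir() or info.file_size not in sizes:
                continue
            data = zf.read(info)
            key = (hashlib.md5(data, usedforsecurity=False).hexdigest(), len(data))
            if key in sigs:
                hits.append((info.filename, sigs[key]))
    return hits

def make_jar(members):
    """Build an in-memory JAR (a ZIP archive) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf

def demo():
    # Constructed sample data: two different JARs bundling one identical file.
    shared = b"<html><body>constructed shared notice</body></html>\n"
    digest = hashlib.md5(shared, usedforsecurity=False).hexdigest()
    sigs = parse_hsb([f"{digest}:{len(shared)}:Constructed.Test.Sig-0:73"])
    a = make_jar({"META-INF/NOTICE.html": shared, "A.class": b"\xca\xfe\xba\xbeA"})
    b = make_jar({"docs/NOTICE.html": shared, "B.class": b"\xca\xfe\xba\xbeB"})
    return {"a.jar": jar_member_hits(a, sigs), "b.jar": jar_member_hits(b, sigs)}

if __name__ == "__main__":
    print(demo())
```

`jar_member_hits` also accepts a path to a JAR on disk, and `parse_hsb` accepts the lines of a signature file unpacked from the database.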