It's not unusual to see such things on machines running multiple A-V software packages. Vendors do their best to obfuscate and protect signatures for that reason, but it usually happens during updates when the signatures are unpacked to a tmp area as plain text before moving them to a protected area. If both are using the same strings as signatures, they will undoubtedly see such updates as matching.
-Al- On Sat, Oct 13, 2018 at 09:40 AM, Jean-Francois Tasse wrote: > no, when I wanted to get it out of quarantine I was unable to get it because > it came from a tmp folder during the update. I have attached a screenshot to > this email, that is the best I can do. To translate it, it's saying that it > is a trojan that is downloading other programs. > > I have 3 virtual machine with Avast, AVG and Avira, I will see if I can > reproduce it with the other antivirus. Up to now AVG did not see anything > wrong. > > JF > De : clamav-users <[email protected] > <mailto:[email protected]>> de la part de Alain Zidouemba > <[email protected] <mailto:[email protected]>> > Envoyé : 13 octobre 2018 11:59:57 > À : ClamAV users ML > Objet : Re: [clamav-users] Malware alert??? > > Do you have the specific signature name that alerted? > > -Alain > > On Oct 13, 2018, at 11:12 AM, Matthes, Marc <[email protected] > <mailto:[email protected]>> wrote: > >> Same here >> >> Marc Matthes >> Director of Computer Networking Programs >> Iowa Central CC >> 5155741099 >> >> From: clamav-users <[email protected] >> <mailto:[email protected]>> on behalf of Jean-Francois >> Tasse <[email protected] <mailto:[email protected]>> >> Sent: Saturday, October 13, 2018 10:10:56 AM >> To: ClamAV users ML >> Subject: [clamav-users] Malware alert??? >> >> Today during ClamWin update: >> main.cvd version 58 >> daily.cvd version 25033 >> bytecode version 327 >> >> Windows Defender stopped the update process saying that >> "TrojanDownloader:JS/Nemucod" was present. Scanned all of my system nothing >> found and tried updating ClamWin again and everything was ok. >> >> anyone else got a weird message like that today? >> >> JF
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
