Hi Tilman,

Yes, please do report the FP!

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Dec 21, 2018, at 9:11 AM, Tilman Schmidt <tschm...@cardtech.de> wrote:

Since yesterday, ClamAV has started to report:

[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] -------------------------------------------------------------------------------
[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] /var/log/sid_changes.log: Multios.Coinminer.Miner-6781728-1 FOUND
[clamAV_Log 20.12.2018 23:00:01] /usr/local/SVN/bin/snort/sid-msg.map: Multios.Coinminer.Miner-6781728-1 FOUND
[clamAV_Log 20.12.2018 23:00:01]
[clamAV_Log 20.12.2018 23:00:01] ----------- SCAN SUMMARY -----------
[clamAV_Log 20.12.2018 23:00:01] Known viruses: 6744079
[clamAV_Log 20.12.2018 23:00:01] Engine version: 0.100.2
[clamAV_Log 20.12.2018 23:00:01] Scanned directories: 119091
[clamAV_Log 20.12.2018 23:00:01] Scanned files: 405895
[clamAV_Log 20.12.2018 23:00:01] Infected files: 2
[clamAV_Log 20.12.2018 23:00:01] Data scanned: 32014.83 MB
[clamAV_Log 20.12.2018 23:00:01] Data read: 32193.35 MB (ratio 0.99:1)
[clamAV_Log 20.12.2018 23:00:01] Time: 2518.809 sec (41 m 58 s)

on all our Snort servers.

snort/sid-msg.map contains Snort rules generated by PulledPork. (5 MB)
/var/log/sid_changes.log is the log from PulledPork. (7 MB)
Both are plain text files.
Offhand, I do not see anything in either of them to warrant the
classification.

Is this expected behaviour?
Should I upload the log and/or rules file as a false positive?

Thanks,
Tilman
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
