This signature is hitting false positives. It seems to be a relatively old signature, but the subsignatures seem to be rather generic so it's difficult to know why this is supposed to be malicious.

VIRUS NAME: Doc.Downloader.Emotet-7196349-0
TDB: Engine:51-255,Target:2
LOGICAL EXPRESSION: 0&1&2&3&4
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Bedfordshire
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Buckinghamshire
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Cambridgeshire
 * SUBSIG ID 3
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Fantastic
 * SUBSIG ID 4
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
Gorgeous

False positive VT scan:
https://www.virustotal.com/gui/file/f5d047b2e88f2ebf7beb2593d877c7b9bd7b25d7c28fde0ca8540e96104556f1/detection
MD5: 6e038caa6be70e02533b0a3c6c223b7d:3536896
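For triage of a report like the one above, this added example (not part of the original post and not ClamAV code) re-encodes the decoded fields into the `Name;TDB;Expression;Subsig0;...` layout of an .ldb logical signature and shows which subsignature hits where. It assumes a plain search over raw bytes, which only approximates how ClamAV applies a Target:2 signature to OLE2 content; the function names and the `BENIGN` sample are constructed for illustration.

```python
# Fields copied from the sigtool output in the post.
NAME = "Doc.Downloader.Emotet-7196349-0"
TDB = "Engine:51-255,Target:2"
EXPR = "0&1&2&3&4"
SUBSIGS = [b"Bedfordshire", b"Buckinghamshire", b"Cambridgeshire",
           b"Fantastic", b"Gorgeous"]


def to_ldb_line(name, tdb, expr, subsigs):
    """Re-encode as Name;TDB;Expression;Subsig0;Subsig1;... with hex subsigs."""
    return ";".join([name, tdb, expr] + [s.hex() for s in subsigs])


def parse_ldb_line(line):
    """Split an .ldb line back into its fields and decode the hex subsigs."""
    name, tdb, expr, *hex_subsigs = line.split(";")
    return name, tdb, expr, [bytes.fromhex(h) for h in hex_subsigs]


def triage(line, data):
    """Return (verdict, {subsig id: first offset or -1}) for raw bytes `data`.

    Handles only flat expressions that use a single operator (& or |);
    OFFSET: ANY and SIGMOD: NONE reduce each subsig to a plain byte search.
    """
    _, _, expr, subsigs = parse_ldb_line(line)
    ops = {c for c in expr if not c.isdigit()}
    if len(ops) > 1 or not ops <= {"&", "|"}:
        raise ValueError("unsupported logical expression: " + expr)
    ids = [int(i) for i in expr.replace("|", "&").split("&")]
    offsets = {i: data.find(subsigs[i]) for i in ids}
    hits = [off >= 0 for off in offsets.values()]
    return (any(hits) if ops == {"|"} else all(hits)), offsets


# Constructed benign input: an address-form dropdown plus product blurbs.
BENIGN = (b"County: Bedfordshire|Berkshire|Buckinghamshire|Cambridgeshire\n"
          b"Fantastic value! Gorgeous colours available.\n")

if __name__ == "__main__":
    line = to_ldb_line(NAME, TDB, EXPR, SUBSIGS)
    print(line)
    print(triage(line, BENIGN))
```

Because the expression is a pure AND of five unanchored plain strings, any scanned content that contains all five words anywhere matches, and the per-subsig offsets show where in a flagged file to look.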
