Thanks for the heads up Brian! We've reached out to Microsoft to attempt to address the issue. I will also reach out to the UnRAR developer to make sure he is aware. Even if Microsoft changes their detection, I suspect the others will continue to alert and we may want to reach out to some of the other companies to correct the FP.
-Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On 2/18/20, 9:18 AM, "clamav-users on behalf of Steve Basford" <[email protected] on behalf of [email protected]> wrote: On 2020-02-18 13:58, Brian Fluet wrote: > File libclamunrar.dll from ClamAV 0.102.2 win x86 portable is being > quarantined by Sunbelt Vipre Enterprise as Trojan.GenericKD.42582612. > > The first detection was at 5:44 PM EST on Friday Feb 14. > > Microsoft is the only product that flags it as infected on VirusTotal > as Trojan:Win32/Detplock. > > I submitted the file as a false positive to Sunbelt yesterday but > have not heard back. > > I apologize if this ends up being a duplicate post. I attempted one > yesterday that has not appeared in the archives. > SHA-256 8244bc93e71a78be156adf1bfef0785b4f3cd6725d095ffe7ed528ff08e8458c Other AV's are also flagging... but maybe the same FP signature: https://www.virustotal.com/gui/file/8244bc93e71a78be156adf1bfef0785b4f3cd6725d095ffe7ed528ff08e8458c/detection -- Cheers, Steve Sanesecurity _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
