Hi there,
On Tue, 23 Feb 2021, Al Varnell via clamav-users wrote:
On Tue, Feb 23, 2021 at 19:12 PM, Ron Seguin via clamav-users wrote:
Yes, my apologies. It was VirusTotal. Here's the link. Thanks.
I noted that the scan was from six months ago, so I reanalyzed the
file and see that ClamAV no longer detects it as infected, although
31/62 scanners did. The signature itself was added to the ClamAV db
almost two years ago, on May 27, 2019, so does seem strange that it
detected six months ago, but not now. Only thing that changed in
that time period was the ClamAV scan engine.
It does start to sound like a regression. If one of you can let me
have a copy of the file I'll be glad to build a few old versions of
ClamAV and find out which versions detect it and which versions fail.
But maybe Talos has older versions set up ready to roll - you'd think
running a body of known bad files past the latest version to exercise
at least a representative fraction of all the signatures before its
release ought to be part of the release testing procedures. Micah?
--
73,
Ged.
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
