Hi there,

On Mon, 1 Aug 2022, Viktor Rosenfeld via clamav-users wrote:

> About a month ago I reported a possible false positive on nodejs executables and related files [1]. After checking with Jotti’s Virus Scan and Virustotal, I also (twice) submitted the files to the ClamAV website as false positives [2]. I haven’t received a notification after the false positive submissions and, meanwhile, newer versions of nodejs are still reported as being infected. What else can I do to verify that this is indeed a false positive?
>
> Best,
> Viktor
>
> [1] https://lists.clamav.net/pipermail/clamav-users/2022-June/012717.html
> [2] https://www.clamav.net/reports/fp

If this is indeed a false positive, given the popularity of node.js I'm a little surprised that you're still seeing ClamAV hits as I'd have expected the ClamAV signature team to be onto it fairly promptly.

The signature database has the facility to whitelist falsely flagged files using a digest. These are propagated with the 'daily' updates. Are you sure that your signature database is up to date? What version of 'daily' do you have?

If you can post an example file somewhere for me to download I can take a look at it. (Alternatively post a link to where you got the file, AND the MD5 digest of the file that ClamAV is flagging so that we all know that we're looking at the same thing.)

Micah, may we have an authoritative opinion on the use of the virusdb mailing list to report things like this? I feel sure that a while ago in one of your messages to this list you gave an email alternative to the Web form for FP submissions. If indeed such a message exists (and I haven't found it) I can't remember what that alternative might be.

--
73,
Ged.

_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
