Hello Andrew,

Please ensure you're using the latest CVDs. Vbs.Trojan.AsyncRAT-9889434-2 was recently published to address some FPs encountered from revision 1 of the signature.

On Wed, May 17, 2023 at 4:42 AM Andrew Salway via clamav-users <clamav-users@lists.clamav.net> wrote:

> Hello
>
> I am trying to understand why Splunk Cloud (which uses ClamAV) is giving a false positive result on an app I am developing, specifically “Vbs.Trojan.AsyncRAT-9889434-1”.
>
> I’ve used “sigtool --find="Vbs.Trojan.AsyncRAT-9889434-1"” to see its signature which I understand comprises some subsignatures, but I’ve not been able to find out details of what triggers this detection.
>
> By any chance is ClamAV using this yara rule https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Asyncrat.yar ?
>
> Thanks in advance for any answers or pointers.
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
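For the question above about what the subsignatures of a detection actually match, the following added example (not part of the thread and not ClamAV project code) splits one logical-signature line into its fields and decodes the hex content subsignatures into readable strings. It assumes the `.ldb` layout `Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...`; the sample line is constructed, the function names are hypothetical, and only hex content subsignatures are handled.

```python
import re

# Constructed sample in ClamAV logical-signature (.ldb) layout. It is NOT the
# real Vbs.Trojan.AsyncRAT-9889434 body, which does not appear in this thread.
SAMPLE_LDB = ("[daily.ldb] Example.Constructed.Sig-1;Engine:51-255,Target:0;(0&1)|2;"
              "4372656174654f626a656374::i;"
              "57536372697074{0-16}2e5368656c6c;"
              "706f7765727368656c6c*2d656e63")

HEX_RUN = r"(?:[0-9a-fA-F]{2})+"
# Wildcards are kept verbatim: {n-m} gaps, (a|b) alternations, *, ?? and nibble masks.
TOKEN = re.compile(r"\{[^}]*\}|\([^)]*\)|\*|\?\?|" + HEX_RUN +
                   r"|[0-9a-fA-F]\?|\?[0-9a-fA-F]|.")

def decode_subsig(subsig):
    """Decode one hex content subsignature into literal strings and wildcards."""
    body, _, modifiers = subsig.partition("::")   # e.g. ::i = case-insensitive
    offset = None
    if ":" in body:                               # optional "offset:" prefix
        offset, body = body.split(":", 1)
    pattern = [bytes.fromhex(t).decode("latin-1") if re.fullmatch(HEX_RUN, t) else t
               for t in TOKEN.findall(body)]
    return {"offset": offset, "modifiers": modifiers, "pattern": pattern}

def parse_ldb(line):
    """Split a logical signature into name, TDB, expression and subsignatures."""
    line = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())   # drop a "[database]" tag
    name, tdb, expr, *subsigs = line.split(";")
    return {"name": name,
            "tdb": dict(kv.split(":", 1) for kv in tdb.split(",")),
            "expr": expr,                         # which subsigs must match, by index
            "subsigs": [decode_subsig(s) for s in subsigs]}

if __name__ == "__main__":
    sig = parse_ldb(SAMPLE_LDB)
    print(sig["name"], sig["tdb"], "match when:", sig["expr"])
    for i, sub in enumerate(sig["subsigs"]):
        print(f"  subsig {i}: {sub['pattern']} modifiers={sub['modifiers']!r}")
```

Reading the logical expression against the decoded subsignatures shows which strings in a flagged file need to be present together for the detection to fire; `sigtool --decode-sigs` gives ClamAV's own decoding of the same line.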