Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Al Varnell
Here’s another: sigtool --find Win.Trojan.Toa-5370297-0|sigtool --decode-sigs VIRUS NAME: Win.Trojan.Toa-5370297-0 CONTAINER TYPE: CL_TYPE_ZIP CONTAINER SIZE: ANY FILENAME REGEX: ^[a-z0-9\-_]{1,30}_[a-zA-Z0-9\-]{1,15}\.js$ COMPRESSED FILESIZE: ANY UNCOMPRESSED FILESIZE: ANY ENCRYPTION: IGNORED

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Steve Basford
On Sun, December 25, 2016 10:40 am, Al Varnell wrote: > A handful of ClamXav users can confirm the Firefox > omni.ja:Win.Trojan.Toa-5370234-0. It also identified some Adobe products > as infected when run through QA. Firstly, Merry Christmas to all. Onto the FP's... basically they are too

Re: [clamav-users] More fp's. Now its almost everything that has been zipped.

2016-12-25 Thread Al Varnell
A handful of ClamXav users can confirm the Firefox omni.ja:Win.Trojan.Toa-5370234-0. It also identified some Adobe products as infected when run through QA. Reported as FP. -Al- On Dec 24, 2016, at 9:08 PM, Gene Heskett wrote: > Hi all. I am drowning in these for a