Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Al Varnell
Resending in case the first doesn't get through...

On Wed, May 23, 2018 at 07:38 AM, Noel Jones wrote:
> On 5/23/2018 4:43 AM, Tilman Schmidt wrote:
>> We're getting frequent false positives from ClamAV for
>> Win.Exploit.Unicode_Mixed-1 in tcpdump files from our IDS.
>> Googling that virus name

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Tilman Schmidt
On 23.05.2018 at 18:07, G.W. Haywood wrote:
> My advice would be a more general "use your loaf". :)

Cute idiom. I had to google that. :-)

___
clamav-users mailing list
clamav-users@lists.clamav.net

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread G.W. Haywood
Hi there,

On Wed, 23 May 2018, Noel Jones wrote:

> I think the best way to handle this is "don't scan pseudo-random files"

My advice would be a more general "use your loaf". :)

--
73,
Ged.

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Noel Jones
On 5/23/2018 4:43 AM, Tilman Schmidt wrote:
> We're getting frequent false positives from ClamAV for
> Win.Exploit.Unicode_Mixed-1 in tcpdump files from our IDS.
> Googling that virus name only turns up a few hits on virscan.org which
> seem to be indicating a tendency of that signature to trigger

Re: [clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Al Varnell
On Wed, May 23, 2018 at 02:43 AM, Tilman Schmidt wrote:
> We're getting frequent false positives from ClamAV for
> Win.Exploit.Unicode_Mixed-1 in tcpdump files from our IDS.
> Googling that virus name only turns up a few hits on virscan.org
> which seem to be indicating a

[clamav-users] Win.Exploit.Unicode_Mixed-1 false positives

2018-05-23 Thread Tilman Schmidt
We're getting frequent false positives from ClamAV for Win.Exploit.Unicode_Mixed-1 in tcpdump files from our IDS. Googling that virus name only turns up a few hits on virscan.org which seem to be indicating a tendency of that signature to trigger on logfiles and the like, but no actual information