Re: [clamav-users] clamonacc loop

2019-12-10 Thread Frans de Boer
On 23-11-2019 13:04, Frans de Boer wrote: LS, I noticed a significant degradation of the performance on my systems, which ended when I stopped clamonacc. As I looked further, it seems that clamonacc is constantly looping around the same file. As far as I can tell, the last file it scanned -

Re: [clamav-users] failed to write to

2019-12-10 Thread ratatouille via clamav-users
"G.W. Haywood via clamav-users" schrieb am 09.12.19 um 23:29:29 Uhr: > Hi Micah, > > On Mon, 9 Dec 2019, Micah Snyder (micasnyd) via clamav-users wrote: > > > I haven't tried to replicate this issue, but I have an idea of what > > might be going on. > > > > freshclam creates the /usr/local/sh

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Douglas Stinnette
Nice responses, here is the hash f9933dfc18107383b4093206daba283d106f86acb6284c92632f5a43143040c6 I provided the file in question to F-Secure, Microsoft and Sophos labs for manual review and they returned no threat. Odd that Microsoft still reports threat on Virustotal, my guess is that is due to

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Eric Tykwinski
Found an article on it: https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/ From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Al Varnell via clamav-users Sent: Tuesday, December 10, 2019 11:25 AM To: ClamAV u

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Al Varnell via clamav-users
That signature has been in the database since Oct 20, 2017 and is a hash signature, so there's little chance of it being an FP. [daily.hsb] 17fe5ebacff74bfb6028eb371ceeaf2b:2484384:Osx.Trojan.Proton-6352635-0:73 -Al- ClamXAV User On Tue, Dec 10, 2019 at 06:02 AM, Douglas Stinnette wrote: > Seem

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Lilia Gonzalez Medina
Hey Douglas! Would you like to provide the hash of the file? That would help us confirm it's a FP. There's also research about a specific version of Elmedia Player being trojanized that might provide more insight: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/

[clamav-users] Elmedia Player.app detection

2019-12-10 Thread Douglas Stinnette
Seems to me that this is a false positive. /Applications/Elmedia Player.app/Contents/MacOS/Elmedia Player Osx.Trojan.Proton-6352635-0 FOUND I sent a copy of the file to other vendors to double check it and they reported it was not malware. I have submitted false positives to ClamAV before and ne