Re: [clamav-users] Andr.Dropper.Shedun-6840512-0 false positive ?
Hello, Btw, Andr.Dropper.Shedun-6840810-0 has same problem. Le 04/06/2019 à 09:11, Arnaud Jacques a écrit : Hello, For me, Andr.Dropper.Shedun-6840512-0 seems a false positive : VIRUS NAME: /tmp/daily/daily.ldb:Andr.Dropper.Shedun-6840512-0 TDB: Engine:51-255,FileSize:4096-16384,Target:0 LOGICAL EXPRESSION: 0 * SUBSIG ID 0 +-> OFFSET: ANY +-> SIGMOD: NONE +-> DECODED SUBSIGNATURE: lvik/system/DexClassLoader;Ljava/io/BufferedOutputStream;Lja As far as I know, DexClassLoader and BufferedOutputStream are legit Java/Android classes, and not malware related. What do you think about ? -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Andr.Dropper.Shedun-6840512-0 false positive ?
Hello, For me, Andr.Dropper.Shedun-6840512-0 seems a false positive : VIRUS NAME: /tmp/daily/daily.ldb:Andr.Dropper.Shedun-6840512-0 TDB: Engine:51-255,FileSize:4096-16384,Target:0 LOGICAL EXPRESSION: 0 * SUBSIG ID 0 +-> OFFSET: ANY +-> SIGMOD: NONE +-> DECODED SUBSIGNATURE: lvik/system/DexClassLoader;Ljava/io/BufferedOutputStream;Lja As far as I know, DexClassLoader and BufferedOutputStream are legit Java/Android classes, and not malware related. What do you think about ? -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml