Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Joel Esler (jesler)
I’ve dropped this sig. Thanks Al. Joel Esler jes...@cisco.com On Oct 12, 2016, at 4:07 AM, Al Varnell > wrote: Sorry for all the confusion. My testing earlier today was in error. OpenSSH version 7.2_p2 is in fact

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-12 Thread Al Varnell
Sorry for all the confusion. My testing earlier today was in error. OpenSSH version 7.2_p2 is in fact included with macOS Sierra 10.12 and includes the ssh-agent process which tests as infected with Win.Trojan.Agent-1760811 and is therefore a False Positive. I have submitted it to the web

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
Heard back from one user that they have OpenSSH_7.2p2, LibreSSL 2.4.1 installed, which is not part of any standard OS X/macOS installation. I know where I can get 7.2p1 (MacPorts) but no idea where his 7.2p2 came from. -Al- On Tue, Oct 11, 2016 at 06:56 PM, Al Varnell wrote: > > Sorry, I

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
Sorry, I misidentified ssh-agent as part of OpenSSL. It’s actually a component of SSH that’s included with OS X/macOS. I’m still trying to track down a sample of the version involved here. -Al- On Tue, Oct 11, 2016 at 06:39 PM, Al Varnell wrote: > > I do not have a sample of ssh-agent to

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
I do not have a sample of ssh-agent to upload yet, so with nothing to upload, I cannot file. The MD-5 of the file is the signature. Sent from Janet's iPad Janet -- Janet Varnell On Oct 11, 2016, at 5:26 PM, "Joel Esler (jesler)" wrote: > Did you file a report on the

Re: [clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Joel Esler (jesler)
Did you file a report on the website? Sent from my iPhone > On Oct 11, 2016, at 7:34 PM, Al Varnell wrote: > > The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is > identifying some version of OpenSSL’s ssh-agent to be reported as infected by > at

[clamav-users] Win.Trojan.Agent-1760811 FP with ssh-agent

2016-10-11 Thread Al Varnell
The Win.Trojan.Agent-1760811 signature released yesterday in daily - 22342 is identifying some version of OpenSSL’s ssh-agent to be reported as infected by at least three ClamXav users so far. I have not been able to identify which version of OpenSSL it involves, but probably not the ones