I have no what the verification process might be, if it even exists. According to VirusTotal's Relationships Information on this file, "While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk." so my guess would be that ClamAV picked this up from VirusTotal. What little I know about CarbonBlack is that it tends to identify anything it doesn't know about as suspicious.
If you have information that indicates it's a legitimate file and where it came from, then you should both upload it to <http://clamav.net/reports/fp> with an explanation as well as post that information back here. -Al- On Tue, Mar 06, 2018 at 09:23 PM, Lindon Ng wrote: > > Hello, > > > I would like to ask on how the virus definitions are actually verified? > > As a malware that I am looking at seems to be only detectable by ClamAV and > not other anti viruses on virustotal. Is this likely to be a false positive > or is it possible to ask why this malware is being flagged out only by ClamAV? > > > The signature definition is: > aa9ee67ebff4e0e4d3153d7f8c0cb3c2:995383:Win.Trojan.Agent-5604219-0:73. It was > released on 16 Jan 2017. > > > Thank you. > > > Cheers, > Lindon Ng
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml