Mailing List Archive

[clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0
Hi there,

Since a few days we get a _lot_ of detections for
PUA.Andr.Trojan.Generic-6878612-0

Office Documents, ZIP Documents, JPEG Images (containing nothing as
JPEG) are all more and more detected as this type. Not all of them but
way too many to see a real pattern what the actual issue is :(

Is that something known?



Best Regards

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0
Not sure exactly when this was added to the .ldu database, but by the name it's a Possibly Unwanted Android Application, so unlikely to be found in that many different types of files. The signature looks like this:

> VIRUS NAME: PUA.Andr.Trojan.Generic-6878612-0
> TDB: Engine:51-255,FileSize:1048576-4194304,Target:0
> LOGICAL EXPRESSION: 0
> * SUBSIG ID 0
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> HEX: 010002110304211231054151611322718132061491a1b14223241552c16233347282d14307259253f0e1f163733516a2b283264493546445c2a3743617d255 e2

except that I added a space before the last two characters to prevent this e-mail from being detected as infected.

-Al-


On Mar 13, 2019, at 03:26, vamp898 via clamav-users <clamav-users@lists.clamav.net> wrote:
> Hi there,
>
> Since a few days we get a _lot_ of detections for PUA.Andr.Trojan.Generic-6878612-0
>
> Office Documents, ZIP Documents, JPEG Images (containing nothing as JPEG) are all more and more detected as this type. Not all of them but way too many to see a real pattern what the actual issue is :(
>
> Is that something known?
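An added example, not part of the original message and not ClamAV's own code: a minimal Python model of the decoded signature quoted above, showing why unrelated file types can hit it. `Target:0` applies the signature to any file type, and with `OFFSET: ANY` the only conditions left are the size range and the 64-byte sequence appearing somewhere in the file. The helper names are hypothetical, and only this simple case (one plain-hex subsignature, no wildcards) is modelled.

```python
import re

# Decoded signature as quoted in the message above. The space the poster put
# before the last two hex characters is kept here and stripped by the parser.
DECODED = """\
VIRUS NAME: PUA.Andr.Trojan.Generic-6878612-0
TDB: Engine:51-255,FileSize:1048576-4194304,Target:0
LOGICAL EXPRESSION: 0
 * SUBSIG ID 0
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> HEX: 010002110304211231054151611322718132061491a1b14223241552c16233347282d14307259253f0e1f163733516a2b283264493546445c2a3743617d255 e2
"""

def parse_decoded(text):
    """Parse a decoded logical signature with one plain-hex subsignature."""
    name = re.search(r"VIRUS NAME:\s*(\S+)", text).group(1)
    # TDB is a comma-separated list of Key:Value pairs.
    tdb = dict(kv.split(":", 1)
               for kv in re.search(r"TDB:\s*(\S+)", text).group(1).split(","))
    lo, hi = (int(n) for n in tdb["FileSize"].split("-"))
    offset = re.search(r"OFFSET:\s*(\S+)", text).group(1)
    hexstr = re.search(r"HEX:\s*([0-9a-fA-F ]+)", text).group(1)
    return {"name": name, "target": int(tdb["Target"]), "size": (lo, hi),
            "offset": offset, "pattern": bytes.fromhex(hexstr.replace(" ", ""))}

def would_match(sig, data):
    """Approximate the match condition for a Target:0 / OFFSET ANY signature."""
    if sig["target"] != 0 or sig["offset"] != "ANY":
        raise ValueError("only Target:0 with OFFSET ANY is modelled here")
    lo, hi = sig["size"]
    # Assumption: the FileSize range is inclusive at both ends.
    return lo <= len(data) <= hi and sig["pattern"] in data

def triage(sig, data):
    """Say which condition decided the result, for false-positive triage."""
    if would_match(sig, data):
        return "match"
    if sig["pattern"] in data:
        return "pattern present, size outside range"
    return "no match"

if __name__ == "__main__":
    sig = parse_decoded(DECODED)
    # Constructed sample: 2 MiB of zero bytes with the pattern embedded.
    sample = bytes(1024 * 1024) + sig["pattern"] + bytes(1024 * 1024)
    print(sig["name"], "->", triage(sig, sample))
```
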
Re: [clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0
On Wed, 13 Mar 2019 11:26:06 +0100 vamp898 wrote:
>
> Hi there,
>
> Since a few days we get a _lot_ of detections for
> PUA.Andr.Trojan.Generic-6878612-0
>
> Office Documents, ZIP Documents, JPEG Images (containing nothing as
> JPEG) are all more and more detected as this type. Not all of them but
> way too many to see a real pattern what the actual issue is :(
>
> Is that something known?
>

Yes, I'm having the same issue. Several hundred emails in IMAP folder are FOUND
with this PUA. Many of these messages are one or more years old, many of the
emails are generated from within my office and are unlikely to contain malware.

I'm wondering how legit this is and whether to actually go through and remove
hundreds of messages from user's mail folder or to set .ign2 to ignore this
signature.

--Mark

Re: [clamav-users] Detection as PUA.Andr.Trojan.Generic-6878612-0
PUA.Andr.Trojan.Generic-6878612-0 has also been dropped earlier today and will be removed in the next daily update.

Regards,
Micah

On 3/13/19, 7:33 AM, "clamav-users on behalf of Mark Foley" <clamav-users-bounces@lists.clamav.net on behalf of mfoley@novatec-inc.com> wrote:

On Wed, 13 Mar 2019 11:26:06 +0100 vamp898 wrote:
>
> Hi there,
>
> Since a few days we get a _lot_ of detections for
> PUA.Andr.Trojan.Generic-6878612-0
>
> Office Documents, ZIP Documents, JPEG Images (containing nothing as
> JPEG) are all more and more detected as this type. Not all of them but
> way too many to see a real pattern what the actual issue is :(
>
> Is that something known?
>

Yes, I'm having the same issue. Several hundred emails in IMAP folder are FOUND
with this PUA. Many of these messages are one or more years old, many of the
emails are generated from within my office and are unlikely to contain malware.

I'm wondering how legit this is and whether to actually go through and remove
hundreds of messages from user's mail folder or to set .ign2 to ignore this
signature.

--Mark
