Mailing List Archive

Hi there,

On Mon, Nov 16, 2020 at 1:16 PM Alejandro Hern?ndez via clamav-users wrote:

> everybody says it is a false positive. Could you check it and tell
> me? (I've send it you before but no feedback)

I've seen nothing from you on the ClamAV Users' mailing list. Exactly
when did you first send it, and to exactly what address? Perhaps you
can send a short test reply to this message with no attachments to see
if it gets through.

The file name which you mention does seem to have been associated with
a few false positive reports in the past but Mr. Graham has given good
advice that you should check it on one of the public sites which allow
you to scan a file using many different scanners, such as VirusTotal.

Be aware that even if you scan a file with thirty different scanners
it may still not be safe, because some threats will be so new that the
people who maintain the scanners will not yet have had time to update
them to recognize the threats. If you think there's a risk that this
might be the case then it might be worth waiting a week or two, then
submitting the file to the scanning service again. However most of
the files which cause false positives will be at least weeks or months
old, and often they will be several years old. If you can _reliably_
verify the age of the file, that will help you decide whether you need
to wait some time and then do another scan. You cannot necessarily
rely on the file's timestamp in the directory which contains it, any
half-way competent malware author is capable of forging that, but if
you have the file e.g. on a CD somewhere and you can check that it's a
bit-for-bit copy of the one you're using on disc, that's a fair bet.

If you do send a test reply please send it to the list, not directly
to my clamav list address, as all mail sent directly to this address
will be rejected.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

what sense does it have to send an email with suspicious attachments of
more than 40 MBytes to a mailing list?

here are pieces of the E-mail header ...

X-Hold-in-Queue: Suspicious 'application/x-7z-compressed'-File=libcef.dll.7z
X-Hold-in-Queue: Suspicious 'application/x-7z-compressed'-File=libcef.dll.7z
X-Hold-in-Queue: Suspicious 'attachment'-File=filelibcef.dll.7z
X-Hold-in-Queue: Suspicious 'attachment'-File=filelibcef.dll.7z

Date: Mon, 16 Nov 2020 12:02:18 +0000

From: =?utf-8?q?Alejandro_Hern=C3=A1ndez_via_clamav-users?=
 <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: =?utf-8?B?QWxlamFuZHJvIEhlcm7DoW5kZXo=?= <alejandrolibre@disroot.org>
Errors-To: clamav-users-bounces@lists.clamav.net
Sender: "clamav-users" <clamav-users-bounces@lists.clamav.net>