Hi,
I had yesterday a false positive on the Email.Phishing.VOF1-6295323-1
signature. It searches for filenames with this regex:
[a-z0-9]{4,15}[_\s\(\-]{1,2}[0-9\)]{3,9}(?![\d]).{0,14}\.js
The problem is that it hit on a zip attachment having only a few .json
files. Please edit that sig in order to add a \s at the end: \.js\s
I can't simply share the file that produced the false positive as this
is from a client. It looks like a backup of a laser tube cutting machine.
I've locally added this sig to the whitelist in the meantime.
Thanks a lot,
Laurent
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
I had yesterday a false positive on the Email.Phishing.VOF1-6295323-1
signature. It searches for filenames with this regex:
[a-z0-9]{4,15}[_\s\(\-]{1,2}[0-9\)]{3,9}(?![\d]).{0,14}\.js
The problem is that it hit on a zip attachment having only a few .json
files. Please edit that sig in order to add a \s at the end: \.js\s
I can't simply share the file that produced the false positive as this
is from a client. It looks like a backup of a laser tube cutting machine.
I've locally added this sig to the whitelist in the meantime.
Thanks a lot,
Laurent
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml