[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] Osx.Malware.Agent-5505694-0
From: Alain Zidouemba <azidouemba () sourcefire ! com>
Date: 2017-01-12 3:03:22
Message-ID: CAGQQWQmr_Casb=juhfJBfYVfC85w9M8p7FqH9mYKjDh+8fbhUg () mail ! gmail ! com
[Download RAW message or body]
It's been replaced by a different signature.
-Alain
On Wed, Jan 11, 2017 at 6:42 PM, Al Varnell <alvarnell@mac.com> wrote:
> Subject signature was added by daily - 22865 and then removed by daily -
> 22869.
>
> [daily.hsb] 52960200bf989064d77f0a158180e4ac:1101744:Osx.Malware.Agent-
> 5505694-0:73
>
> VirusTotal indicates that 14/54 other scanners believe this to be Malware
> (one of multiple variants of Advanced Mac Cleaner):
> <https://www.virustotal.com/en/file/ef5d8a5e115fb8dc047b5af9aaee05
> 200b7f09b7239de89d068d7fd7c318bf3d/analysis/>.
>
> One of many articles about this Malware (at a minimum PUA/PUP) can be
> found at "PCVARK plays dirty"
> <https://blog.malwarebytes.com/threat-analysis/2016/08/pcvark-plays-dirty/
> >.
>
> There have been no reports of False Positives to date involving this
> signature by ClamXav users.
>
> Can the ClamAV signature team share with us why it was removed?
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
>
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic