Open byronmccollum opened 3 years ago
Thanks for the report @byronmccollum
I tested this and found that it worked okay in 0.103.2 but, as with your experience, the .fp signature for 933160.yaml was not effective in 0.104.0-rc.
I have the same or similar issue in FreeBSD with this file (https://termbin.com/mrudj) but also with other files. I believe that the .fp file is ignored.
ClamAV 0.103.3/26309/Fri Oct 1 12:03:53 2021
Whitelist is loaded:
LibClamAV debug: /var/db/clamav/cretaforce.fp loaded
md5 web357framework.class.php
MD5 (web357framework.class.php) = 5927dcd98c1d9f6a06d50d58598713d5
grep 5927dcd98c1d9f6a06d50d58598713d5 cretaforce.fp
5927dcd98c1d9f6a06d50d58598713d5:13436:web357framework.class.php
clamscan web357framework.class.php
/home/www/cretaftp/2/web357framework.class.php: {HEX}CretaForce.else.if.filter.json.decode.file.get.contents.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8588436
Engine version: 0.103.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 1.67:1)
Time: 14.343 sec (0 m 14 s)
Start Date: 2021:10:02 00:19:13
End Date: 2021:10:02 00:19:28
Finally I had to sigtool --html-normalise the file first. So ignore my previous message.
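An added example (not part of the original thread and not ClamAV project code): the manual md5/grep check from the comment above as a Python script that also compares the size field of each `md5:size:name` entry. The function names and sample bytes are constructed for illustration; pass in whichever bytes were hashed, for instance the raw file or, as in the follow-up comment, the output of `sigtool --html-normalise`.

```python
import hashlib
import string
from typing import NamedTuple, Optional

class FpEntry(NamedTuple):
    md5: str
    size: Optional[int]  # None when the entry uses '*' (any size)
    name: str

def parse_fp(text: str) -> list[FpEntry]:
    """Parse 'md5:size:name' lines as shown in the grep output above."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blank and comment lines
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected md5:size:name")
        digest, size, name = fields[0].lower(), fields[1], fields[2]
        if len(digest) != 32 or any(c not in string.hexdigits for c in digest):
            raise ValueError(f"line {lineno}: not an MD5 hex digest")
        entries.append(FpEntry(digest, None if size == "*" else int(size), name))
    return entries

def check_content(entries: list[FpEntry], data: bytes) -> list[tuple[str, str]]:
    """Return (status, name) for every entry whose hash equals md5(data).

    status is 'match' when the size field also agrees and 'size-mismatch'
    when only the hash does. An empty list means no entry covers these bytes.
    """
    digest = hashlib.md5(data).hexdigest()
    results = []
    for e in entries:
        if e.md5 != digest:
            continue
        ok = e.size is None or e.size == len(data)
        results.append(("match" if ok else "size-mismatch", e.name))
    return results

if __name__ == "__main__":
    # Constructed sample bytes; "normalised" is not real sigtool output.
    raw = b"<?php /* sample */ echo 1; ?>\n"
    normalised = b"<?php echo 1; ?>\n"
    fp = f"{hashlib.md5(raw).hexdigest()}:{len(raw)}:sample.php\n"
    entries = parse_fp(fp)
    print(check_content(entries, raw))         # entry covers the raw bytes
    print(check_content(entries, normalised))  # no entry for these bytes
```

An empty result for the bytes the scanner actually matched on means the allow-list entry has to be regenerated from that content.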
Describe the bug
I have two files that are false positives, both have been added to the false positives list, but one continues to report as infected. The file in question can be found here.
How to reproduce the problem