clamav-users May 2014 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] FP-Report: Email.Trojan-417

Re: [clamav-users] FP-Report: Email.Trojan-417

From: Al Varnell <alvarnell_at_nospam>
Date: Tue May 13 2014 - 07:45:29 GMT
To: ClamAV users ML <>


Looking at the signature, I see your point, but it must also contain:

> Content-Transfer-Encoding: base64
> Content-Disposition: attachment

That would seem to be a given for almost any attachment, as well. I have no idea what the actual sample was, but there must be something much more unique that could have been used.

Looks to have been added to the database on 2012-12-13 (daily: 15772).


On Tue, May 13, 2014 at 12:27 AM, Julian Hansmann wrote:
> Hash: SHA1
> Dear ClamAV-Users and Developers,
> some time ago I reported a FP on the homepage on ClamAV. Unfortunately
> I haven't received a response nor has the signature in question be
> removed from the official database. So I'd like to ask what else can I
> do to get this fixed?
> This is the FP in question:
> Regardless of its content (even if it's empty) a mail which has a file
> with the suffix "" (case sensitive) attached will be detected
> as "Email.Trojan-417".
> Since this can be easily reproduced I won't include a sample to avoid
> further FPs.

Help us build a comprehensive ClamAV guide: