Pertti Karppinen
2018-10-10 12:46:27 UTC
The FP reporting form at https://www.clamav.net/reports/fp seems not
to be working in my browser, but I found a false positive that is easy
to reproduce. In a linux system zip file produced by these following
commands triggers Email.Phishing.VOF1-6313981-0:
dd if=/dev/urandom of=fubar.txt bs=1k count=10
zip -m test.docx fubar.txt
zip -m test test.docx
Now when you send the test.zip as an email attachment it triggers
Email.Phishing.VOF1-6313981-0.
--
Pertti Karppinen
Suora puhelinnumero 014 445 5105
Sähköposti ***@online.fi
Online Solutions Oy - http://www.online.fi/
Puhelinvaihde 014 445 5100, Telekopio 014 445 5101
Tutustu SecMail -sähköpostiturvapalveluumme: http://www.secmail.com/
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
to be working in my browser, but I found a false positive that is easy
to reproduce. In a linux system zip file produced by these following
commands triggers Email.Phishing.VOF1-6313981-0:
dd if=/dev/urandom of=fubar.txt bs=1k count=10
zip -m test.docx fubar.txt
zip -m test test.docx
Now when you send the test.zip as an email attachment it triggers
Email.Phishing.VOF1-6313981-0.
--
Pertti Karppinen
Suora puhelinnumero 014 445 5105
Sähköposti ***@online.fi
Online Solutions Oy - http://www.online.fi/
Puhelinvaihde 014 445 5100, Telekopio 014 445 5101
Tutustu SecMail -sähköpostiturvapalveluumme: http://www.secmail.com/
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml