
Mailing List Archive: ClamAV: users

Why can't I send in false positives?

 

 



danq at runbox

Jun 22, 2013, 3:33 AM

Post #1 of 3 (159 views)
Why can't I send in false positives?

Hi,

A long time ago, I used to occasionally submit false positives detected
by ClamAV when they would show up. However, I have tried occasionally to
submit these same two false positives in place for months now, and they
are still being reported.

1. W6EL Propagation Prediction
File: W6ELPropInst270.exe
Description: Installer for ham radio software I have used for many
years. Only the installer (and not any of the installed program files)
is detected as a false positive.
Official page: http://www.qsl.net/w6elprop/
Detected as: Heuristic.Trojan.SusPacked.6173702D7374756666

2. Sleuth 2004
File: Sleuth.exe
Description: 2004 Windows remake of DOS murder mystery game.
Official page: down
Detected as: Win.Trojan.Vbiframe-143

I try occasionally to submit these files, and they never seem to be
accepted. I also check "Notify me" but the ClamAV team never gets back
to me about this. Anyone know why the form hasn't accepted my
submissions in months?

Thank you,

--

-Dan Q
Attachments: signature.asc (0.48 KB)


jesler at sourcefire

Jun 24, 2013, 7:33 AM

Post #2 of 3 (137 views)
Re: Why can't I send in false positives? [In reply to]

On Jun 22, 2013, at 6:33 AM, Daniel Quintiliani <danq [at] runbox> wrote:

> Hi,
>
> A long time ago, I used to occasionally submit false positives detected
> by ClamAV when they would show up. However, I have tried occasionally to
> submit these same two false positives in place for months now, and they
> are still being reported.
>
> 1. W6EL Propagation Prediction
> File: W6ELPropInst270.exe
> Description: Installer for ham radio software I have used for many
> years. Only the installer (and not any of the installed program files)
> is detected as a false positive.
> Official page: http://www.qsl.net/w6elprop/
> Detected as: Heuristic.Trojan.SusPacked.6173702D7374756666
>
> 2. Sleuth 2004
> File: Sleuth.exe
> Description: 2004 Windows remake of DOS murder mystery game.
> Official page: down
> Detected as: Win.Trojan.Vbiframe-143
>
> I try occasionally to submit these files, and they never seem to be
> accepted. I also check "Notify me" but the ClamAV team never gets back
> to me about this. Anyone know why the form hasn't accepted my
> submissions in months?


Can you send us the md5's of the files you submitted so we can take a look?


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
Attachments: signature.asc (0.20 KB)


danq at runbox

Jun 24, 2013, 12:42 PM

Post #3 of 3 (134 views)
Re: Why can't I send in false positives? [In reply to]

On 6/24/2013 10:33 AM, Joel Esler wrote:
> On Jun 22, 2013, at 6:33 AM, Daniel Quintiliani <danq [at] runbox> wrote:
>
>> 1. W6EL Propagation Prediction
>> File: W6ELPropInst270.exe
>> Description: Installer for ham radio software I have used for many
>> years. Only the installer (and not any of the installed program files)
>> is detected as a false positive.
>> Official page: http://www.qsl.net/w6elprop/
>> Detected as: Heuristic.Trojan.SusPacked.6173702D7374756666
>>

W6ELPropInst270.exe
MD5: 5BA0D0422A2E7FABA986CED2F585EF8A
SHA1: E7B9F193E40F37A15FB89AF10E185465C958D880
SHA256: C435A44762B505078BED1BC152788F7AD3DB604898680980F2597DAB6B40A5E7

>> 2. Sleuth 2004
>> File: Sleuth.exe
>> Description: 2004 Windows remake of DOS murder mystery game.
>> Official page: down
>> Detected as: Win.Trojan.Vbiframe-143
>>
>>

Sleuth.exe:
MD5: FCE8D2A19C1AEAA0954AC10C420AC7E1
SHA1: 2152F94C7C0CA432182AFEDD486FE9211D1408E7
SHA256: 8C66832018300E2AF3E1FC42FCE337EDDCE839FADB8CC8A8C484671D89C31B6B

>
> Can you send us the md5's of the files you submitted so we can take a look?
>

--

-Dan Q
Attachments: signature.asc (0.48 KB)
