Mailing List Archive

Win.Malware.Krucky-7009041-0 false positive
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe:
Win.Malware.Krucky-7009041-0 FOUND

The file is from Adobe Acrobat (genuine file from 2011). Virustotal
hash:
https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb

Can we get the definition reviewed/removed please?

Thank you.
Re: Win.Malware.Krucky-7009041-0 false positive
On 20.07.19 11:53, Groach via clamav-users wrote:
>C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe:
>Win.Malware.Krucky-7009041-0 FOUND
>
>The file is from Adobe Acrobat (genuine file from 2011). Virustotal
>hash: https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>
>Can we get the definition reviewed/removed please?

you should report false positive on:

https://www.clamav.net/reports/fp


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Despite the cost of living, have you noticed how popular it remains?

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Win.Malware.Krucky-7009041-0 false positive
Already have done. But I have never (no exaggeration) had any success
with it being actioned when reported only on that website. So I am also
sending this notification to the mail list in the hope that that is more
productive.

Thanks



On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
> On 20.07.19 11:53, Groach via clamav-users wrote:
>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe:
>> Win.Malware.Krucky-7009041-0 FOUND
>>
>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal
>> hash:
>> https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>
>> Can we get the definition reviewed/removed please?
>
> you should report false positive on:
>
> https://www.clamav.net/reports/fp
>
>
Re: Win.Malware.Krucky-7009041-0 false positive
Hello,

Signature of Win.Malware.Krucky-7009041-0 has been ignored in
securiteinfo.ign2 since days, maybe weeks.
Download it now for free at
https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en


On 20/07/2019 at 13:35, Groach via clamav-users wrote:
> Already have done. But I have never (no exaggeration) had any success
> with it being actioned when reported only on that website. So I am also
> sending this notification to the mail list in the hope that that is more
> productive.
>
> Thanks
>
>
>
> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>> On 20.07.19 11:53, Groach via clamav-users wrote:
>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe:
>>> Win.Malware.Krucky-7009041-0 FOUND
>>>
>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal
>>> hash:
>>> https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>
>>> Can we get the definition reviewed/removed please?
>>
>> you should report false positive on:
>>
>> https://www.clamav.net/reports/fp
>>
>>

--
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Telephone: +33-(0)3.44.39.76.46
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

Re: Win.Malware.Krucky-7009041-0 false positive
Signature has already been dropped.

Sent from my iPhone

> On Jul 20, 2019, at 07:37, Groach via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Already have done. But I have never (no exaggeration) had any success with it being actioned when reported only on that website. So I am also sending this notification to the mail list in the hope that that is more productive.
>
> Thanks
>
>
>
>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>> On 20.07.19 11:53, Groach via clamav-users wrote:
>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: Win.Malware.Krucky-7009041-0 FOUND
>>>
>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>
>>> Can we get the definition reviewed/removed please?
>>
>> you should report false positive on:
>>
>> https://www.clamav.net/reports/fp
>>
>>
Re: Win.Malware.Krucky-7009041-0 false positive
On 20/07/2019 19:02, Joel Esler (jesler) via clamav-users wrote:
> Signature has already been dropped.
>
> Sent from my iPhone
>

Thanks Joel.

But I just updated the database and retested but it still records:

Scan Started Sat Jul 20 20:14:04 2019
-------------------------------------------------------------------------------


C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe:
Win.Malware.Krucky-7009041-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6346742
Engine version: 0.99.4
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 0.93 MB
Data read: 0.89 MB (ratio 1.04:1)
Time: 51.933 sec (0 m 51 s)

--------------------------------------
Completed
------------------------------------

Latest update:

ClamAV update process started at Sat Jul 20 20:13:28 2019
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
Downloading daily-25516.cdiff [100%]
daily.cld updated (version: 25516, sigs: 1663900, f-level: 63, builder:
raynman)
bytecode.cld is up to date (version: 330, sigs: 94, f-level: 63,
builder: neo)
Database updated (6230243 signatures) from database.clamav.net (IP:
104.16.219.84)


When does the latest definition record the dropped signature?
Re: Win.Malware.Krucky-7009041-0 false positive
I can confirm that it's still in the database thru today's daily 25516 update.

-Al-

On Sat, Jul 20, 2019 at 11:02 AM, Joel Esler (jesler) via clamav-users wrote:
> Signature has already been dropped.
>
> Sent from my iPhone
>
> On Jul 20, 2019, at 07:37, Groach via clamav-users <clamav-users@lists.clamav.net> wrote:
>
>> Already have done. But I have never (no exaggeration) had any success with it being actioned when reported only on that website. So I am also sending this notification to the mail list in the hope that that is more productive.
>>
>> Thanks
>>
>>
>>
>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>> On 20.07.19 11:53, Groach via clamav-users wrote:
>>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: Win.Malware.Krucky-7009041-0 FOUND
>>>>
>>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>>
>>>> Can we get the definition reviewed/removed please?
>>>
>>> you should report false positive on:
>>>
>>> https://www.clamav.net/reports/fp
Re: Win.Malware.Krucky-7009041-0 false positive
It has been dropped by daily 25517 which should have been available about an hour ago and I'm no longer seeing it in the database after a freshclam update.

-Al-

On Sat, Jul 20, 2019 at 12:47 PM, Al Varnell via clamav-users wrote:
> I can confirm that it's still in the database thru today's daily 25516 update.
>
> -Al-
>
> On Sat, Jul 20, 2019 at 11:02 AM, Joel Esler (jesler) via clamav-users wrote:
>> Signature has already been dropped.
>>
>> Sent from my iPhone
>>
>> On Jul 20, 2019, at 07:37, Groach via clamav-users <clamav-users@lists.clamav.net> wrote:
>>
>>> Already have done. But I have never (no exaggeration) had any success with it being actioned when reported only on that website. So I am also sending this notification to the mail list in the hope that that is more productive.
>>>
>>> Thanks
>>>
>>>
>>>
>>> On 20/07/2019 12:22, Matus UHLAR - fantomas wrote:
>>>> On 20.07.19 11:53, Groach via clamav-users wrote:
>>>>> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: Win.Malware.Krucky-7009041-0 FOUND
>>>>>
>>>>> The file is from Adobe Acrobat (genuine file from 2011). Virustotal hash: https://www.virustotal.com/gui/file/5821567d7dd99623257aea794023ef4200e6e17fd09656b40d97c44a35c701bb
>>>>>
>>>>> Can we get the definition reviewed/removed please?
>>>>
>>>> you should report false positive on:
>>>>
>>>> https://www.clamav.net/reports/fp
Re: Win.Malware.Krucky-7009041-0 false positive
Confirmed. Updated and rescanned:



Scan Started Sun Jul 21 12:02:25 2019
-------------------------------------------------------------------------------


----------- SCAN SUMMARY -----------
Known viruses: 6349264
Scanned directories: 0
Scanned files: 1
Infected files: 0

Data scanned: 0.93 MB
Data read: 0.89 MB (ratio 1.04:1)
Time: 51.901 sec (0 m 51 s)

--------------------------------------
Completed
--------------------------------------

Thanks Al.



On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
> It has been dropped by daily 25517 which should have been available
> about an hour ago and I'm no longer seeing it in the database after a
> freshclam update.
>
> -Al-
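
Added example, not part of any message in this thread and not ClamAV project code: it automates the check the posters did by hand, comparing the daily version reported by freshclam with the version in which a false-positive signature was dropped, and records a signature name in `local.ign2` (ClamAV's local ignore list in the database directory) as an interim workaround. The function names, the `DROPPED_IN` mapping and the sample input (constructed from the output quoted above) are assumptions.

```python
import re
from pathlib import Path

# Constructed sample input, modelled on the output quoted in the thread.
FRESHCLAM_LOG = """\
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld updated (version: 25516, sigs: 1663900, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 330, sigs: 94, f-level: 63, builder: neo)
"""
SCAN_REPORT = r"""
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe: Win.Malware.Krucky-7009041-0 FOUND
Infected files: 1
"""
# From the thread: the signature was dropped by daily 25517.
DROPPED_IN = {"Win.Malware.Krucky-7009041-0": 25517}
_DB_LINE = re.compile(r"^(\w+)\.c[lv]d (?:is up to date|updated) \(version: (\d+)", re.M)

def db_versions(log):
    """Map database name to version, e.g. {'daily': 25516}."""
    return {name: int(ver) for name, ver in _DB_LINE.findall(log)}

def detections(report):
    """Return (path, signature) pairs; splitting on the last ': ' keeps drive letters intact."""
    hits = [l[: -len(" FOUND")] for l in report.splitlines() if l.endswith(" FOUND")]
    return [tuple(h.rsplit(": ", 1)) for h in hits]

def triage(log, report, dropped_in=DROPPED_IN):
    """Label each hit 'stale-db' (update, then rescan), 'still-detected' or 'unknown'."""
    daily = db_versions(log).get("daily")
    result = []
    for path, sig in detections(report):
        if daily is None or sig not in dropped_in:
            label = "unknown"  # no known fix version: treat the detection as real
        else:
            label = "stale-db" if daily < dropped_in[sig] else "still-detected"
        result.append((path, sig, label))
    return result

def add_local_ignore(db_dir, sig):
    """Add sig to local.ign2 in db_dir once; ClamAV skips signature names listed there."""
    ign = Path(db_dir) / "local.ign2"
    names = ign.read_text().split() if ign.exists() else []
    if sig not in names:
        names.append(sig)
        ign.write_text("\n".join(names) + "\n")
    return names

if __name__ == "__main__":
    print(triage(FRESHCLAM_LOG, SCAN_REPORT))
```

Remove the `local.ign2` entry once the corrected daily database is installed, so the ignore list does not outlive the false positive.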
Re: Win.Malware.Krucky-7009041-0 false positive
Yes, confirmed

On 21/07/2019 at 13:05, Groach via clamav-users wrote:
> Confirmed. Updated and rescanned:
>
>
>
> Scan Started Sun Jul 21 12:02:25 2019
> -------------------------------------------------------------------------------
>
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6349264
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
>
> Data scanned: 0.93 MB
> Data read: 0.89 MB (ratio 1.04:1)
> Time: 51.901 sec (0 m 51 s)
>
> --------------------------------------
> Completed
> --------------------------------------
>
> Thanks Al.
>
>
>
> On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
>> It has been dropped by daily 25517 which should have been available
>> about an hour ago and I'm no longer seeing it in the database after a
>> freshclam update.
>>
>> -Al-

--
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Telephone: +33-(0)3.44.39.76.46
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

Re: Win.Malware.Krucky-7009041-0 false positive
It may be waiting on peer review internally.

Sent from my iPhone

> On Jul 21, 2019, at 08:04, Arnaud Jacques <webmaster@securiteinfo.com> wrote:
>
> Yes, confirmed
>
>> On 21/07/2019 at 13:05, Groach via clamav-users wrote:
>> Confirmed. Updated and rescanned:
>> Scan Started Sun Jul 21 12:02:25 2019
>> -------------------------------------------------------------------------------
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 6349264
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.93 MB
>> Data read: 0.89 MB (ratio 1.04:1)
>> Time: 51.901 sec (0 m 51 s)
>> --------------------------------------
>> Completed
>> --------------------------------------
>> Thanks Al.
>>> On 21/07/2019 10:54, Al Varnell via clamav-users wrote:
>>> It has been dropped by daily 25517 which should have been available about an hour ago and I'm no longer seeing it in the database after a freshclam update.
>>>
>>> -Al-