Thursday, February 18, 2010

Antivirus False Positive Validation

ClamAV running on a clients server flagged a packed javascript file as a virus. A co-worker recommended Virustotal website for testing and fortunately it appears to be a false positive based on the fact that only 1 (ClamAV) out of 41 anti-virus solutions flagged it as a virus.

Update: Javascript Unpacker tool.

Update 4/8/10: Jotti's Malware Scan
Also check out the following post from Kerbs:
Virus Scanners for Virus Authors - Part 1
Virus Scanners for Virus Authors - Part 2


No comments:

Post a Comment