Bitdefender - decoding results

ahaines · June 13, 2023, 7:51pm

How does one interpret the following entry from the log file:

222 V Build: [Engines: 2.17.3.1482, Stamp: 3], Multi: [Enabled, t: (0.000006,0.085792)], BW: [Enabled, t: (0.000014)], RTDA: [Enabled, t: (0.756102), Hit: Yes, Details: v2.53.0; Id: 16.kr7wz.1h2r2bmpt.1i6; mclb; categories: malware(bin); fipr(105m25405db08e9b7d9d07d789319623b63b:849); fz(10203a99a181a9e109e83f1c9b863bfd0a39:849); bin(819a795d3c2a5c156b9f9609fa15e228:899)], total: 899(775)

This is from an email sent internally that contains attachments.
I have narrowed it down to the Anti-Spam acting up by running “SCANFILE 31” which returns 227. All of the attachments have scanned clean via VirusTotal. So just what is BitDefender complaining about???

indreias · June 14, 2023, 5:16am

Hello Andrew,

The “V” shows that Bitdefender has classified it as “VIRUS” (as explained into the associated AFSL filter file).

More, because the details after [Engine:....] do not make any reference to a specific malware but it is saying: categories: malware(bin) this is an indication that the Bitdefender cloud analysis indicate a suspect content.

If you are sure that this is a False Positive situation please send the sample to our support team (into a password protected ZIP file) so it could be routed to Bitdender for further checks.

HTH,
Ioan