'Re: [clamav-users] False Positive BC.Exploit.CVE_2010_0815.BC.Exploit.CVE_2010_0815'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    Re: [clamav-users] False Positive BC.Exploit.CVE_2010_0815.BC.Exploit.CVE_2010_0815
From:       "Alexander \"Sasha\" Y. Avanesov" <spiritofdiscovery () gmail ! com>
Date:       2012-01-30 21:48:19
Message-ID: 20A6C134-2F0D-48C3-A8BE-1675BAEEFE73 () gmail ! com
[Download RAW message or body]

Thanks for the tip, Matt. I just uploaded both files.

Thanks,
Sasha




On Jan 30, 2012, at 3:00 AM, clamav-users-request@lists.clamav.net wrote:

> From: Matt Watchinski <mwatchinski@sourcefire.com>
> Subject: Re: [clamav-users] False Positive \
>                 BC.Exploit.CVE_2010_0815.BC.Exploit.CVE_2010_0815
> Date: January 29, 2012 6:55:08 PM PST
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
> 
> 
> Have you uploaded the files that are being incorrectly detected here:
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
> 
> ?
> 
> Cheers,
> -matt
> 
> On Sat, Jan 28, 2012 at 7:22 PM, Alexander "Sasha" Y. Avanesov
> <spiritofdiscovery@gmail.com> wrote:
> > Hello,
> > 
> > ClamAV falsely detects a BC.Exploit.CVE_2010_0815 in a ".ppt" file. I ran the \
> > file through VirusTotal and only ClamAV shows it as infected. I found a 2-year \
> > old message related to this issue: 
> > http://lurker.clamav.net/search/20380101.000000.00000000@ml:clamav-users,false,positive,bc.exploit.cve%5F2010%5F0815.en.html
> >  
> > http://www.gossamer-threads.com/lists/clamav/users/48954
> > 
> > though it was never fully resolved. Alain Zidouemba reported he updated the \
> > detection for CVE_2010_0815, but Ewald Beekam reported he continued to have the \
> > problem. There was no response and I am also having this issue. 
> > Please advise on this.
> > 
> > Thanks for your time and effort!
> > 
> > Sincerely,
> > Sasha
> > 
> > P.S. I am running release 0.97.2 (using ClamXav), so I don't know if the 0.97.3 \
> > takes care of this or not, but given that this issue persisted for over 2 years, \
> > I doubt anything has been done. Any help with this would be greatly appreciated. 
> > P.P.S I also had a false positive on BC.Exploit.CVE_2010_3970 in Word document \
> > (that I created and which only had a numbered list of about 10 items), though \
> > VirusTotal reports the file is clean (aside from the ClamAV scan). After I copied \
> > the contents of an "infected" file into a new word document, the file is reported \
> > as clean, but I do wonder if this is another ClamAV issue that needs to be looked \
> > into. Thanks again for your help. 
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://www.clamav.net/support/ml
> 
> 
> 
> -- 
> Matthew Watchinski
> V.P. Vulnerability Research (VRT)
> Sourcefire, Inc.
> Office: 410-423-1928
> http://vrt-blog.snort.org && http://www.snort.org/vrt/
> 
> 
> 
> 
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic