'Re: [clamav-users] False Positive & File Decompression errors'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    Re: [clamav-users] False Positive & File Decompression errors
From:       Manoj Chitrala <mchitrala () researchnow ! com>
Date:       2014-08-19 14:43:13
Message-ID: 3A27FD2D2D6E584CA9D06B8BFB4A7D8B54D25ECA () WLONPRDMBX01 ! RESEARCHNOW ! COM
[Download RAW message or body]

Hi Steve,

Its been opened. Bug 11072 - Clamscan Errors - info: scancws: Error decompressing SWF file LibClamAV

============
Thanks,
Manoj Chitrala


--
Manoj Chitrala
Unix Administrator & Postmaster

Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971 312075



-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Steven Morgan
Sent: 19 August 2014 14:38
To: ClamAV users ML
Subject: Re: [clamav-users] False Positive & File Decompression errors

Manoj,

Please open a bugzilla ticket at bugzilla.clamav.net and attach the swf file. We'll investigate ASAP.

Thanks,
Steve



On Tue, Aug 19, 2014 at 9:32 AM, Manoj Chitrala <mchitrala@researchnow.com>
wrote:

> Thanks Douglas. Please can you suggest about the errors about
> decompressing the file.
>
> ============
> Thanks,
> Manoj Chitrala
>
>
> --
> Manoj Chitrala
> Unix Administrator & Postmaster
>
> Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971
> 312075
>
>
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net] On
> Behalf Of Douglas Goddard
> Sent: 19 August 2014 14:30
> To: ClamAV users ML
> Subject: Re: [clamav-users] False Positive & File Decompression errors
>
> Confirmed the false positive. The signature should be dropped by the
> end of the day.
>
>
> On Tue, Aug 19, 2014 at 5:34 AM, Manoj Chitrala
> <mchitrala@researchnow.com
> >
> wrote:
>
> > Hi,
> >
> > Here is the MD5 sum output.
> >
> > root@RSNUKLT146:~/Desktop# md5sum show.html.erb
> > 16e3a74703c22cce728bb523439c1d02  show.html.erb
> > root@RSNUKLT146:~/Desktop#
> >
> > We are running Redhat Enterprise Linux 6.4 where clam av is been
> > installed with 0.98.4 version. Please do let me know if any more
> information required.
> >
> > As a temporary work around we have whitelisted
> > Html.Exploit.CVE_2014_0277 virus alerts, as it has alerted many
> > files which are not threat to us. Once we have solution, we will
> > remove the
> white listing.
> >
> > ============
> > Thanks,
> > Manoj Chitrala
> >
> >
> > --
> > Manoj Chitrala
> > Unix Administrator & Postmaster
> >
> > Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971
> > 312075
> >
> >
> >
> > Research Now  |  160 Queen Victoria Street  |  London, United
> > Kingdom EC4V 4BF www.researchnow.com
> >
> > -----Original Message-----
> > From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net] On
> > Behalf Of Al Varnell
> > Sent: 19 August 2014 10:29
> > To: ClamAV users ML
> > Subject: Re: [clamav-users] False Positive & File Decompression
> > errors
> >
> > Manoj,
> >
> > What unix system are you running clamav on?
> >
> > The team will need to know the MD5 of show.html.erb in order to
> > quickly locate it among the other False Positives submitted.  You
> > cannot attach it here.
> >
> > -Al-
> >
> > > On Aug 19, 2014, at 2:02 AM, Manoj Chitrala
> > > <mchitrala@researchnow.com>
> > wrote:
> > >
> > > Hi,
> > >
> > > We have 2 issues with Clamav.
> > >
> > >
> > > 1)      We've been receiving false positive alerts. I have also
> > submitted false positives many a times but I haven't received any
> > response from clam av team. Please can you suggest a fix for this. I
> > have upgraded the AV to latest, updated the virus definitions but
> > all in vain. Attaching the file for your reference. This file
> > show.html.erb is been reported with Html.Exploit.CVE_2014_0277,
> > which is a false as we have scanned it using Microsoft End Point
> > Protection
> and found no threats.
> > >
> > > 2)      The other error we have is the clam av reports us it is unable
> > decompress the file and scan. Please can you suggest any solution
> > for
> this.
> > Error message appears as "scancws: Error decompressing SWF file
> > LibClamAV info"
> > >
> > > Hoping to get a response on these 2 issues.
> > >
> > > ============
> > > Thanks,
> > > Manoj Chitrala
> > >
> > >
> > >        [Research Now] <http://www.researchnow.com/>
> > > [Research Now]          Manoj Chitrala
> > > Unix Administrator & Postmaster
> > >
> > >                Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |
> > Mobile: +44 7971 312075
> > >
> > >
> > >        <http://rn-university.com/researchagencies/> [
> > http://sigs.researchnow.com/EU_Emails/UK/14Jul/ESOMAR_Footer_UK_Mar1
> > 4-
> > 02.gif]
> > <
> > http://www.researchnow.com/en-GB/PressAndEvents/Events/2014/09/ESOMA
> > R%
> > 20Congress%202014.aspx
> > >
> > >
> > >        Follow us:  [Facebook]
> > > <http://www.facebook.com/ResearchNowUK>
> >  [LinkedIn] <http://www.linkedin.com/company/research-now>   [YouTube] <
> > http://www.youtube.com/user/ResearchNowGlobal>   [Twitter] <
> > http://twitter.com/#!/ResearchNowUK>
> > >
> > >          160 Queen Victoria Street  |  London, United Kingdom EC4V 4BF
> > >        www.researchnow.com
> > >
> > > The information contained in this e-mail message is intended for
> > > the use
> > of the recipient(s) named above and is privileged and confidential.
> > If you are not the intended recipient, you are formally notified
> > that you have received this message in error and that any review,
> > dissemination, distribution, or copying of the message is strictly
> > prohibited. If you have received this communication in error, please
> > notify us immediately by e-mail and delete the original message.
> >
> >
> >
> >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > http://www.clamav.net/support/ml
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > http://www.clamav.net/support/ml
> >
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic