Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

(no subject)

 

 

ClamAV users RSS feed   Index | Next | Previous | View Threaded


andrew at x-2

May 11, 2012, 8:40 AM

Post #1 of 1 (625 views)
Permalink
(no subject)

Hello
We were seeing a number of files being quarantined earlier with the reference
BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
numbers point to vulnerabilities found in Microsoft's Excel and Office
suites. However, the files were not only excel spreadsheets but also some
.msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
the files as clean, so is this a false positive ? I'm assuming yes. Also,
interestingly, a copy of one of the files put back on the affected server has
not been quarantined again. The various definitions have been updated by
freshclam, so we are all up to date currently on that score. If someone could
confirm if this was a signature that was wrong and causing the quarantine,
that would be great.

Version info below:
clamscan -V
ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012

running on a Centos 5.7 box.

Thanks in advance.

Andrew



--

Andrew Thompson

andrew [at] x-2
_________________________________________________________
This mail sent using V-webmail - http://www.v-webmail.org

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.