andrew at x-2
May 11, 2012, 8:40 AM
We were seeing a number of files being quarantined earlier with the reference
BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
numbers point to vulnerabilities found in Microsoft's Excel and Office
suites. However, the files were not only Excel spreadsheets but also some
.msi files and Word .doc files. Our other AV scanners (Sophos and Avira) see
the files as clean, so is this a false positive? I'm assuming yes. Also,
interestingly, a copy of one of the files put back on the affected server has
not been quarantined again. The various definitions have been updated by
freshclam, so we are all up to date currently on that score. If someone could
confirm if this was a signature that was wrong and causing the quarantine,
that would be great.
Version info below:
ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012
running on a CentOS 5.7 box.
Thanks in advance.
andrew [at] x-2