Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

(no subject)



ClamAV users RSS feed   Index | Next | Previous | View Threaded

andrew at x-2

May 11, 2012, 8:40 AM

Post #1 of 1 (732 views)
(no subject)

We were seeing a number of files being quarantined earlier with the reference
BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
numbers point to vulnerabilities found in Microsoft's Excel and Office
suites. However, the files were not only excel spreadsheets but also some
.msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
the files as clean, so is this a false positive ? I'm assuming yes. Also,
interestingly, a copy of one of the files put back on the affected server has
not been quarantined again. The various definitions have been updated by
freshclam, so we are all up to date currently on that score. If someone could
confirm if this was a signature that was wrong and causing the quarantine,
that would be great.

Version info below:
clamscan -V
ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012

running on a Centos 5.7 box.

Thanks in advance.



Andrew Thompson

andrew [at] x-2
This mail sent using V-webmail - http://www.v-webmail.org

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net

ClamAV users RSS feed   Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.