david.alix at isc
May 23, 2012, 10:01 AM
Post #2 of 3
Re: Again False Positive for BC.Exploit.CVE_2012_1847 ?
It looks like it was a latency problem. Restarting my mimedefang daemon
fixed the problem.
--On Wednesday, May 23, 2012 9:18 AM -0700 David Alix
<david.alix [at] isc> wrote:
> Bytecode 184 went onto my system at 8:45 this morning. As of 9:05 I am
> still getting BC_Exploit.CVE_2012_1847 rejections. I do not quarantine
> (I reject) viruses, so I don't have a copy to send in.
> Could this be a latency problem - could not all of the mimedefang.pl
> daemons have picked up the new Bytecode? I have a minimum of 20
> processes running.
> --On Wednesday, May 23, 2012 11:38 AM -0400 Joel Esler
> <jesler [at] sourcefire> wrote:
>> I assume you've run freshclam since then. So, if so, then no.
>> Please send the file into us via the clamav.net FP reporter, and email us
>> back with the md5 and we'll take a look.
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> On May 23, 2012, at 11:18 AM, Matthias Egger wrote:
>>> I have a quarantined (amavisd-new) email with an Excel attachment.
>>> clamav thinks it matches against BC.Exploit.CVE_2012_1847
>>> Sophos doesn't complain, and when I send the Excel file to virustotal, no
>>> other virus scanner complains about that.
>>> So is this the same problem we had on May 11th?
>>> Best regards
>>> Matthias Egger
>>> ETH Zurich
>>> Department of Information Technology maegger [at] ee
>>> and Electrical Engineering
>>> IT Support Group (ISG.EE), ETL/F/24.1 Phone +41 (0)44 632 03 90
>>> Physikstrasse 3, CH-8092 Zurich Fax +41 (0)44 632 11 95
>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> David Alix
> Information Systems and Computing
> David.Alix [at] isc
Information Systems and Computing
David.Alix [at] isc