jesler at sourcefire
May 11, 2012, 10:40 AM
Post #178 of 181
Please run freshclam, an update has been pushed.
On May 11, 2012, at 11:40 AM, Andrew Thompson wrote:
> We were seeing a number of files being quarantined earlier with the reference
> BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
> numbers point to vulnerabilities found in Microsoft's Excel and Office
> suites. However, the files were not only excel spreadsheets but also some
> .msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
> the files as clean, so is this a false positive ? I'm assuming yes. Also,
> interestingly, a copy of one of the files put back on the affected server has
> not been quarantined again. The various definitions have been updated by
> freshclam, so we are all up to date currently on that score. If someone could
> confirm if this was a signature that was wrong and causing the quarantine,
> that would be great.
> Version info below:
> clamscan -V
> ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012
> running on a Centos 5.7 box.
> Thanks in advance.
> Andrew Thompson
> andrew [at] x-2
> This mail sent using V-webmail - http://www.v-webmail.org
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net