Hi Mark, Do you think you could share a sample or two with me to test. I'm really curious what changed and would like to debug each version with a sample or two.
-Micah > -----Original Message----- > From: clamav-devel <clamav-devel-boun...@lists.clamav.net> On Behalf Of > Mark Allan > Sent: Monday, February 8, 2021 3:04 AM > To: ClamAV Development <clamav-devel@lists.clamav.net> > Subject: [Clamav-devel] Issue with FP only on 0.103.1 > > Hi all, > > It looks like the additional image file type support in 0.103.1 has introduced > an issue with a particular signature which has been in the database since 2018 > > Img.Exploit.CVE_2018_4904-6449838-0 > > It's flagging up thousands of known-good files. As far as I can tell, they're > all > TIFF files. > > I've added that signature to an ign2 file for now, but I'm wondering if > there's > something else that's maybe amiss somewhere either with the signature or > the 0.103.1 update? > > Best regards, > Mark > > _______________________________________________ > > clamav-devel mailing list > clamav-devel@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-devel > > Please submit your patches to our Github: https://github.com/Cisco- > Talos/clamav-devel/pulls > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-devel mailing list clamav-devel@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml