> -----Original Message----- > From: [email protected] [mailto:clamav-users- > [email protected]] On Behalf Of Trevor Cotton > Sent: Tuesday, October 19, 2010 8:18 AM > To: [email protected] > Subject: [Clamav-users] Suspect.PDF.ObfuscatedJS-6 false positives > > This morning I am seeing a huge number of false positives when scanning our > java application war files and some html files > Suspect.PDF.ObfuscatedJS-6 > > Seeing from both 0.96.2 and 0.96.3 with > > ClamAV update process started at Tue Oct 19 04:02:03 2010 main.cvd is up to > date (version: 52, sigs: 704727, f-level: 44, builder: sven) Downloading > daily- > 12154.cdiff [*] daily.cld updated (version: 12154, sigs: 140550, f-level: 53, > builder: ccordes) bytecode.cld is up to date (version: 82, sigs: 10, f-level: > 53, > builder: edwin) > > Trevor > > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > _ _ _ _ > _ _ _ _ _ > > St. Jude Children’s Research Hospital is internationally recognized for its > pioneering work in finding cures and saving children with cancer and other > catastrophic diseases. > St. Jude is the first and only pediatric cancer center to be designated as a > Comprehensive Cancer Center by the National Cancer Institute. Founded by > late entertainer Danny Thomas and based in Memphis, Tennessee, St. Jude > freely shares its discoveries with scientific and medical communities around > the world. St. Jude is the only pediatric cancer research center where > families > never pay for treatment not covered by insurance. No child is ever denied > treatment because of the family’s inability to pay. St. Jude is financially > supported by ALSAC, its fundraising organization. For more information, > please visit www.stjude.org. > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > _ _ _ _ > _ _ _ _ _ > > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this e-mail in error please notify the originator of the > message. This footer also confirms that this e-mail message has been > scanned for the presence of computer viruses. > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml
We have seen the same thing, also with java app war files, since the same sig update and also one the same two versions. Has anyone been able to confirm that these FP's are stemming from a bad sig? Thanks, Dan _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
