On 17/01/12 09:52, Török Edwin wrote:
> On 01/17/2012 11:00 AM, Anne Wilson wrote:
>> On 16/01/12 13:55, Török Edwin wrote:
>>> On 01/16/2012 03:53 PM, Anne Wilson wrote:
>>>> I run clamav on my mail server, and my daughter runs clamwin on
>>>> Windows 7, on my recommendation. This morning's scan showed midi
>>>> files that have been on my server for 2 years or more as being
>>>> infected, e.g.:
>>>>
>>>> /Data1/Midi/AudigyCD/SYMPHONY.MID: BC.Exploit.CVE_2012_0003 FOUND
>>>>
>>>> Soon after reading this, I got a phone call from my daughter saying
>>>> that clamwin had quarantined all midi files supplied in the
>>>> Creative Soundblaster X-Fi installation. The screenshot she sent
>>>> me shows nothing but the midi files.
>>>
>>> Please submit some of those false positives here (make sure you
>>> choose the 'A false positive' radiobox):
>>> http://cgi.clamav.net/sendvirus.cgi
>>>
>> Thanks. I've done that. I was careful to mark it as "a false positive"
>> but got the message "This virus is already recognized by ClamAV
>> 0.97.3/14314/Mon Jan 16 " - I assume that I can ignore that?
>>
>> I'll submit one from her Windows box as soon as she emails it to me.
>>
>>>>
>>>> I have told her not to worry for now, but is there a way to mark
>>>> these as not infected and remove them from quarantine?
>>>>
>>>
>>> Create a file called local.ign2 in your database directory and add
>>> this line to it: BC.Exploit.CVE_2012_0003
>>>
>> Done that too. Thanks for the prompt reply. I'm not very familiar with
>> Windows' organisation of this sort of thing, so can you suggest where I
>> should tell her to put the ignore file? Should she just search for
>> daily.cld to find the directory, or is it labelled some other way in
>> Windows?
>
> daily.cld or daily.cvd. Not sure where ClamWin puts its database directory,
> perhaps in Application Data.
>
> The offending bytecode was dropped in the meantime, so the false
> positive detections should've stopped for now.
>
Thanks. She tells me that she didn't get the false positives in today's scan.

Anne
--
Need KDE help? Try http://userbase.kde.org or Http://forum.kde.org
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
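
The local.ign2 workaround discussed in this thread, as an added example that is not part of the original messages or of ClamAV's own tooling: it locates the database directory by the presence of daily.cld or daily.cvd, adds the signature name once, and removes it again after the signature has been fixed. The function names and the directory paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Functions only; nothing runs on load.

# Print the first candidate directory that holds daily.cld or daily.cvd,
# the two file names the thread says mark the database directory.
find_clamav_dbdir() {
    for dir in "$@"; do
        if [ -f "$dir/daily.cld" ] || [ -f "$dir/daily.cvd" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Append a signature name to local.ign2 unless that exact line is present.
ignore_signature() {
    ign="$1/local.ign2"
    if [ -f "$ign" ] && grep -qxF -- "$2" "$ign"; then
        return 0
    fi
    # Existing file without a final newline: terminate it first so the
    # new name does not get glued onto the previous entry.
    if [ -s "$ign" ] && [ -n "$(tail -c 1 "$ign")" ]; then
        printf '\n' >> "$ign"
    fi
    printf '%s\n' "$2" >> "$ign"
}

# Drop the entry again once the signature has been fixed upstream, so the
# ignore list does not keep suppressing that detection name indefinitely.
unignore_signature() {
    ign="$1/local.ign2"
    [ -f "$ign" ] || return 0
    tmp="$ign.tmp.$$"
    grep -vxF -- "$2" "$ign" > "$tmp" || true   # grep exits 1 if nothing is left
    mv "$tmp" "$ign"
}

# Usage (both paths are assumptions about common Linux layouts):
#   db=$(find_clamav_dbdir /var/lib/clamav /usr/local/share/clamav) &&
#       ignore_signature "$db" BC.Exploit.CVE_2012_0003
```
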
