Have you uploaded the files that are being incorrectly detected here: http://www.clamav.net/lang/en/sendvirus/submit-fp/
? Cheers, -matt On Sat, Jan 28, 2012 at 7:22 PM, Alexander "Sasha" Y. Avanesov <[email protected]> wrote: > Hello, > > ClamAV falsely detects a BC.Exploit.CVE_2010_0815 in a ".ppt" file. I ran the > file through VirusTotal and only ClamAV shows it as infected. I found a > 2-year old message related to this issue: > > http://lurker.clamav.net/search/20380101.000000.00000000@ml:clamav-users,false,positive,bc.exploit.cve%5F2010%5F0815.en.html > > http://www.gossamer-threads.com/lists/clamav/users/48954 > > though it was never fully resolved. Alain Zidouemba reported he updated the > detection for CVE_2010_0815, but Ewald Beekam reported he continued to have > the problem. There was no response and I am also having this issue. > > Please advise on this. > > Thanks for your time and effort! > > Sincerely, > Sasha > > P.S. I am running release 0.97.2 (using ClamXav), so I don't know if the > 0.97.3 takes care of this or not, but given that this issue persisted for > over 2 years, I doubt anything has been done. Any help with this would be > greatly appreciated. > > P.P.S I also had a false positive on BC.Exploit.CVE_2010_3970 in Word > document (that I created and which only had a numbered list of about 10 > items), though VirusTotal reports the file is clean (aside from the ClamAV > scan). After I copied the contents of an "infected" file into a new word > document, the file is reported as clean, but I do wonder if this is another > ClamAV issue that needs to be looked into. Thanks again for your help. > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml -- Matthew Watchinski V.P. Vulnerability Research (VRT) Sourcefire, Inc. Office: 410-423-1928 http://vrt-blog.snort.org && http://www.snort.org/vrt/ _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
