Thanks for the tip, Matt. I just uploaded both files. Thanks, Sasha
On Jan 30, 2012, at 3:00 AM, [email protected] wrote: > From: Matt Watchinski <[email protected]> > Subject: Re: [clamav-users] False Positive > BC.Exploit.CVE_2010_0815.BC.Exploit.CVE_2010_0815 > Date: January 29, 2012 6:55:08 PM PST > To: ClamAV users ML <[email protected]> > Reply-To: ClamAV users ML <[email protected]> > > > Have you uploaded the files that are being incorrectly detected here: > http://www.clamav.net/lang/en/sendvirus/submit-fp/ > > ? > > Cheers, > -matt > > On Sat, Jan 28, 2012 at 7:22 PM, Alexander "Sasha" Y. Avanesov > <[email protected]> wrote: >> Hello, >> >> ClamAV falsely detects a BC.Exploit.CVE_2010_0815 in a ".ppt" file. I ran >> the file through VirusTotal and only ClamAV shows it as infected. I found a >> 2-year old message related to this issue: >> >> http://lurker.clamav.net/search/20380101.000000.00000000@ml:clamav-users,false,positive,bc.exploit.cve%5F2010%5F0815.en.html >> >> http://www.gossamer-threads.com/lists/clamav/users/48954 >> >> though it was never fully resolved. Alain Zidouemba reported he updated the >> detection for CVE_2010_0815, but Ewald Beekam reported he continued to have >> the problem. There was no response and I am also having this issue. >> >> Please advise on this. >> >> Thanks for your time and effort! >> >> Sincerely, >> Sasha >> >> P.S. I am running release 0.97.2 (using ClamXav), so I don't know if the >> 0.97.3 takes care of this or not, but given that this issue persisted for >> over 2 years, I doubt anything has been done. Any help with this would be >> greatly appreciated. >> >> P.P.S I also had a false positive on BC.Exploit.CVE_2010_3970 in Word >> document (that I created and which only had a numbered list of about 10 >> items), though VirusTotal reports the file is clean (aside from the ClamAV >> scan). After I copied the contents of an "infected" file into a new word >> document, the file is reported as clean, but I do wonder if this is another >> ClamAV issue that needs to be looked into. Thanks again for your help. >> >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://www.clamav.net/support/ml > > > > -- > Matthew Watchinski > V.P. Vulnerability Research (VRT) > Sourcefire, Inc. > Office: 410-423-1928 > http://vrt-blog.snort.org && http://www.snort.org/vrt/ > > > > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
