-----Original message----- From: Tomasz Kojm <tk...@clamav.net> Sent: Wed 08-02-2012 09:29 Subject: Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP To: clamav-users@lists.clamav.net; > On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm <tk...@clamav.net> wrote: > > On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt > > <ralf.hildebra...@charite.de> wrote: > > > >> Have you tried that for a bytecode signature? > >> sigtool --find-sigs=BC.Exploit.CVE_2011_3412 > >> doesn't emit a line number. Fields are not seperated with : but with ; > > > > The bytecode loader indeed seems to ignore local.ign2, I'm looking into it > > The problem is now fixed in master & 0.97 branches: >
Thanks Tomasz The patch doesn't line up with 0.97.3 source. Do I have to manually patch that? [root@stiles clamav-0.97.3]# patch -p1 --dry-run < ../fix.diff patching file libclamav/readdb.c Hunk #1 succeeded at 1192 (offset -4 lines). Hunk #2 FAILED at 1218. Hunk #3 FAILED at 1388. Hunk #4 succeeded at 1409 (offset -6 lines). Hunk #5 FAILED at 1476. Hunk #6 FAILED at 1484. Hunk #7 succeeded at 1491 with fuzz 2 (offset -6 lines). 4 out of 7 hunks FAILED -- saving rejects to file libclamav/readdb.c.rej [root@stiles clamav-0.97.3]# Cheers Bill Maidment IT Consultant to Elgas Ltd Phone: 02 4294 3649 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml