-----Original message-----
From: Bill Maidment <[email protected]>
Sent: Wed 08-02-2012 09:53
Subject: Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: [email protected];

> -----Original message-----
> From: Tomasz Kojm <[email protected]>
> Sent: Wed 08-02-2012 09:29
> Subject: Re: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
> To: [email protected];
> > On Tue, 07 Feb 2012 23:11:24 +0100 Tomasz Kojm <[email protected]> wrote:
> > > On Tue, 7 Feb 2012 23:07:05 +0100 Ralf Hildebrandt
> > > <[email protected]> wrote:
> > >
> > >> Have you tried that for a bytecode signature?
> > >> sigtool --find-sigs=BC.Exploit.CVE_2011_3412
> > >> doesn't emit a line number. Fields are not separated with : but with ;
> > >
> > > The bytecode loader indeed seems to ignore local.ign2, I'm looking into it
> >
> > The problem is now fixed in master & 0.97 branches:
> >
>
> Thanks Tomasz
> The patch doesn't line up with 0.97.3 source. Do I have to manually patch
> that?
>
I have manually patched 0.97.3, re-compiled, re-installed and restarted clamd, but the ign2 file is still being ignored.

[root@stiles clamav]# cat /usr/local/share/clamav/local.ign2
BC.Exploit.CVE_2011_3412
[root@stiles clamav]#

Wed Feb 8 10:49:39 2012 -> /var/spool/MIMEDefang/mdefang-q17NnSa7022557/Work/msg-30733-35.xls: BC.Exploit.CVE_2011_3412 FOUND

Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649
