The signature is more complex than that. What you are seeing and decoding are just the triggering conditions to start evaluating HTML files for the vulnerability CVE-2013-0019. In any case, we received a few FP reports for that signature and have made some tweaks that we are currently testing prior to release. The original signature BC.Exploit.CVE_2013_0019 has already been pulled.
Thanks Al, - Alain _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
