A ClamXav user notified me that a component of the commercial software Rosetta Stone was showing up as infected with Exploit.FLV.
A quick check of the database shows the signature to be: > main.cvd Exploit.FLV 7d222f07ec08a2222abc88ec7d295ce0:33036 And clamav-virusdb indicates it was added with this update: > Author: Robert Scroggins > Date: 2011-05-19 17:03 -700 > To: clamav-virusdb > Subject: [clamav-virusdb] Update (daily: 13095) > ClamAV database updated (19 May 2011 20-02 -0400): daily.cvd > Version: 13095 > > Submission-ID: 23362920 > Sender: Virus Total > Sender: John JR > Added: Exploit.FLV The latest entry I could find in VirusTotal for file name “c42ddaa4048f1df316406d352f8802dab652b5f2” seems to be: <https://www.virustotal.com/en/file/5e90fa85a00484d89f7a8ededa9f612b05eebf037762e7a5840efd6ba6a3fcad/analysis/> There’s a discussion of it for many A-V softwares here: <https://groups.google.com/forum/#!msg/comp.sys.mac.misc/vRwD3dZY15E/voBrCz40_54J> As well as formal guidance from Rosetta Stone for a workaround: <http://success.rosettastone.com/en-US/articles/While-installing-Rosetta-Stone-my-antivirus-alerts-me-about-a-file/>. I’m unable to get my hands on the file since it’s commercial software, but it would appear that you may already have it from VirusTotal, so I’m wondering if the signature team can take a look at it based on all of this? MD5 is obviously: 7d222f07ec08a2222abc88ec7d295ce0 -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
