On Wed, Dec 11, 2013 at 06:56 AM, Douglas Goddard wrote:
> When was your last signature update? Could you run freshclam and then
> rescan? That version of the bytecode signature has been dropped and should
> no longer be alerting, the current version is BC.Exploit.CVE_2013_3906-3.
> If that version is still alerting after an update then we will do some
> deeper investigation.
I don't see any reference to a "dash 3" version of this signature anywhere
after several definition updates today. The only thing sigtool gives me is:
> VIRUS NAME: BC.Exploit.CVE_2013_3906.{}
> TDB: Engine:56-255,Target:0
> LOGICAL EXPRESSION: (3|4|(0&(2|1)))
> * SUBSIG ID 0
> +-> OFFSET: 0
> +-> DECODED SUBSIGNATURE:
> ??ࡱ?
> * SUBSIG ID 1
> +-> OFFSET: ANY
> +-> DECODED SUBSIGNATURE:
> II*
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> DECODED SUBSIGNATURE:
> MM*
> * SUBSIG ID 3
> +-> OFFSET: 0
> +-> DECODED SUBSIGNATURE:
> II*
> * SUBSIG ID 4
> +-> OFFSET: 0
> +-> DECODED SUBSIGNATURE:
> MM*
and yes, I do understand that the actual signature has more to it than this.
-Al-
--
Al Varnell
Mountain View, CA