A ClamXav user complained of having a Google Chrome extension “WebGL Inspector” which he has used since 2012 was said to be infected with HTML.Exploit.Heap-2.
I was able to obtain a later version of that extension and verified that the gli.all.js file in that extension scans as infected. I was not able to locate when this signature was added on the clamav-virusdb list. I was able to easily confirm that the file contains all elements of the signature (four ascii strings separated by “any strings” of varying length. I haven’t found any clues on what an actual infected file might be. I submitted it to VirusTotal where only ClamAV® detected it < https://www.virustotal.com/en/file/36fd57cce150c5e8ea26168823e84b19e109592c6586496b605306cbb482d982/analysis/1399908003/ > I successfully uploaded to you using your "Submit a false positive" form. MD5 = 6968c0d2ad15e68b33bb30074ddbb7a6 -Al- -- Al Varnell Mountain View, CA ------------- Al, Sorry, I didn't have the original email that was sent to the list. After further analysis, I've modified the signature so that it shouldn't generate as many false positives. Thank you, Shaun Hurley _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
