On May 13, 2014, at 8:19 AM, Shaun Hurley <[email protected]> wrote:
> A ClamXav user complained of having a Google Chrome extension “WebGL
> Inspector” which he has used since 2012 was said to be infected with
> HTML.Exploit.Heap-2.
>
> I was able to obtain a later version of that extension and verified that
> the gli.all.js file in that extension scans as infected.
>
> I was not able to locate when this signature was added on the
> clamav-virusdb list.
>
> I was able to easily confirm that the file contains all elements of the
> signature (four ascii strings separated by “any strings” of varying length).
>
> I haven’t found any clues on what an actual infected file might be.
>
> I submitted it to VirusTotal where only ClamAV® detected it
> <https://www.virustotal.com/en/file/36fd57cce150c5e8ea26168823e84b19e109592c6586496b605306cbb482d982/analysis/1399908003/>
>
> I successfully uploaded to you using your "Submit a false positive" form.
> MD5 = 6968c0d2ad15e68b33bb30074ddbb7a6
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
> -------------
> Al,
>
> Sorry, I didn't have the original email that was sent to the list. After
> further analysis, I've modified the signature so that it shouldn't generate
> as many false positives.
>
> Thank you,
> Shaun Hurley

Here’s another one that doesn’t seem to have been deployed. I’m still getting an FP on the file I submitted and I don’t see any obvious changes to the signature.

-Al-
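Added example, not part of the thread and not ClamAV's own code: a simplified Python model of a body signature built from ASCII strings joined by wildcard gaps, showing why a large benign script can satisfy it. The tokens, both signatures and both inputs are constructed and are not the HTML.Exploit.Heap-2 signature; bounding the gaps is shown as one general way to narrow such a signature, not as the change made in this thread.

```python
import re

def clamav_body_to_regex(sig):
    """Compile a subset of ClamAV hex body-signature syntax to a bytes regex.
    Handles hex pairs, ?? (any byte), * (any gap) and {n}, {n-m}, {-m}, {n-}."""
    parts, i = [], 0
    while i < len(sig):
        if sig[i] == "*":
            parts.append(b".*?")
            i += 1
        elif sig[i] == "{":
            end = sig.index("}", i)
            lo, dash, hi = sig[i + 1:end].partition("-")
            if not dash:
                hi = lo  # {n} means exactly n bytes
            parts.append(b".{%d,%s}?" % (int(lo or 0), hi.encode()))
            i = end + 1
        elif sig[i:i + 2] == "??":
            parts.append(b".")
            i += 2
        else:
            parts.append(re.escape(bytes.fromhex(sig[i:i + 2])))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)

def hexsig(tokens, gap):
    """Join ASCII tokens, hex-encoded, with the given gap operator."""
    return gap.join(t.encode("ascii").hex() for t in tokens)

def scan(sig, data):
    return clamav_body_to_regex(sig).search(data) is not None

# Constructed tokens: ordinary JavaScript fragments, not the real signature.
TOKENS = ["new Array(", "substring(", ".length", "while ("]
LOOSE = hexsig(TOKENS, "*")      # unbounded gaps between the four strings
TIGHT = hexsig(TOKENS, "{-64}")  # each gap limited to 64 bytes or fewer

# Constructed inputs: a large script using the tokens far apart,
# and a short one using them close together.
FILLER = b"// filler\n" * 500
BENIGN = (b"var a = new Array(16);\n" + FILLER + b"s = s.substring(1);\n"
          + FILLER + b"n = a.length;\n" + FILLER + b"while (n--) {}\n")
COMPACT = b"b = new Array(4); t = t.substring(2); k = b.length; while (k) k--;"

if __name__ == "__main__":
    for name, data in (("BENIGN", BENIGN), ("COMPACT", COMPACT)):
        print(name, "loose:", scan(LOOSE, data), "tight:", scan(TIGHT, data))
```

The real engine applies further constraints that this regex model does not reproduce, so use `clamscan` itself to confirm any actual detection.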
