Thank you. I'll take a look at what the issue is. Shaun
On Mon, May 19, 2014 at 2:02 PM, Al Varnell <[email protected]> wrote: > On May 13, 2014, at 8:19 AM, Shaun Hurley <[email protected]> wrote: > > > A ClamXav user complained of having a Google Chrome extension “WebGL > > Inspector” which he has used since 2012 was said to be infected with > > HTML.Exploit.Heap-2. > > > > I was able to obtain a later version of that extension and verified that > > the gli.all.js file in that extension scans as infected. > > > > I was not able to locate when this signature was added on the > > clamav-virusdb list. > > > > I was able to easily confirm that the file contains all elements of the > > signature (four ascii strings separated by “any strings” of varying > length. > > > > I haven’t found any clues on what an actual infected file might be. > > > > I submitted it to VirusTotal where only ClamAV® detected it > > < > > > https://www.virustotal.com/en/file/36fd57cce150c5e8ea26168823e84b19e109592c6586496b605306cbb482d982/analysis/1399908003/ > >> > > > > I successfully uploaded to you using your "Submit a false positive" form. > > MD5 = 6968c0d2ad15e68b33bb30074ddbb7a6 > > > > > > -Al- > > -- > > Al Varnell > > Mountain View, CA > > > > ------------- > > Al, > > > > Sorry, I didn't have the original email that was sent to the list. After > > further analysis, I've modified the signature so that it shouldn't > generate > > as many false positives. > > > > Thank you, > > Shaun Hurley > > Here’s another one that doesn’t seem to have been deployed. I’m still > getting an FP on the file I submitted and I don’t see any obvious changes > to the signature. > > -Al- > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
