I’m not sure why you would consider a 2012 CVE to be an indicator of a false positive. Have you read the vulnerability description? <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0167>
If that document contains an EMF image it could cause a heap-based buffer overflow in those older, unmatched versions of Microsoft Office. -Al- > On Jul 9, 2015, at 7:55 AM, Ingo Bente <[email protected]> wrote: > > Yes. > > /path/to/file: BC.Win.Exploit.CVE_2012_0167 FOUND > > The file was last changed in Mar 2015. This, in addition to the fact > that the CVE dates back to the year 2012, seems to indicate a false > positive to me. > > Cheers > Ingo > > On 9 July 2015 at 15:37, Alain Zidouemba <[email protected]> wrote: >> Can you provide the detection name that ClamAV displayed? >> >> Thanks, >> >> - Alain _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
