On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote: > Is there any way to get updates on a false positives(i submitted this > about a week or so ago), if it is or is not, i still find these. In my > case they seem to be ok coming from the printer, but then a > non-technical person opens and saves the file with a different name > (rather than just rename it) which activates this particular exploit, > which we've proven by going and grabbing directly from the printer and > then having the client open and resave and send us both documents. > > We're in the type of business where it would open us up to a ton of > liability if we were to white list, without knowing, have have a site > user download an infected file. > > Thanks, happy to do anything i can. > > Jeff > I too have submitted an FP report on this one, but haven't been advised about it either. IMO it is as phony as a 3 dollar bill.
> On Wed, Nov 23, 2016 at 12:11 PM, Jeff Dyke <jeff.d...@gmail.com> wrote: > > I also submitted an FP a few days ago. I'm not as much of a fan of > > whitelisting what could be a fairly serious exploit that i'd be > > allowing people to download if it were valid. Hopefully it will be > > fixed up soon. The documents i found it in are public, so if there > > is way to expedite the process, i'm happy to supply other > > information. > > > > On Wed, Nov 23, 2016 at 10:27 AM, Hajo Locke <hajo.lo...@gmx.de> wrote: > >> Hello, > >> > >> Am 23.11.2016 um 16:10 schrieb Ralf Hildebrandt: > >>> * Hajo Locke <hajo.lo...@gmx.de>: > >>>> Hello, > >>>> > >>>> unfortunately we have some problems with FP > >>>> Pdf.Exploit.CVE_2016_1091-2 Customer was testing at virustotal > >>>> and only clamav is finding a virus. Unfortunately i can not do a > >>>> FP-Report. All PDFs are property of costumers > >>>> and not public. > >>> > >>> I already did a FP report. It happened with PDFs from "Springer > >>> Medical". had to diable that signature. > >> > >> Thanks. In most cases the clam-team response is quick. Otherwise i > >> would also do a global whitelisting. > >> > >>> I hope there are some additional FP-Reports from other people > >>> regarding > >>> > >>>> this > >>>> virus to review this signature. > >>> > >>> Yep. > >>> > >>> Thanks, > >> > >> Hajo > >> > >> _______________________________________________ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml