hi, On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote: > On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote: > > > > > Is there any way to get updates on a false positives(i submitted > > this > > about a week or so ago), if it is or is not, i still find these. In > > my > > case they seem to be ok coming from the printer, but then a > > non-technical person opens and saves the file with a different name > > (rather than just rename it) which activates this particular > > exploit, > > which we've proven by going and grabbing directly from the printer > > and > > then having the client open and resave and send us both documents. > > > > We're in the type of business where it would open us up to a ton of > > liability if we were to white list, without knowing, have have a > > site > > user download an infected file. > > > > Thanks, happy to do anything i can. > > > > Jeff > > > I too have submitted an FP report on this one, but haven't been > advisedĀ > about it either. IMO it is as phony as a 3 dollar bill.
also numerous hits on this rule on valid/harmless pdfs here - i have already reported the fp last week and disabled/whitelisted the rule due to customer complaints. why is cisco/clamav ignoring all the reports? is this part of the automated (signature) processing? ~10 days of waiting for a signature- fix is hard, the rule was published on: Nov 20, 2016, 3:18 PMĀ Datefile: daily Version: 22573 Publisher: Alain Zidouemba New Sigs: 1187 Dropped Sigs: 0 Ignored Sigs: 54 kind regards max _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
