On Wednesday 30 November 2016 05:29:42 Al Varnell wrote: > Has anybody submitted a PDF yet? Normally, nothing can happen until > they have at least one example. Once somebody has a sample they are > allowed to submit, return here with a hash value of the submitted file > so they can expedite processing. > > -Al-
I did Al, how many more copies of it does it take? > On Wed, Nov 30, 2016 at 02:26 AM, maxal wrote: > > hi, > > > > On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote: > >> On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote: > >>> Is there any way to get updates on a false positives(i submitted > >>> this > >>> about a week or so ago), if it is or is not, i still find these. > >>> In my > >>> case they seem to be ok coming from the printer, but then a > >>> non-technical person opens and saves the file with a different > >>> name (rather than just rename it) which activates this particular > >>> exploit, > >>> which we've proven by going and grabbing directly from the printer > >>> and > >>> then having the client open and resave and send us both documents. > >>> > >>> We're in the type of business where it would open us up to a ton > >>> of liability if we were to white list, without knowing, have have > >>> a site > >>> user download an infected file. > >>> > >>> Thanks, happy to do anything i can. > >>> > >>> Jeff > >> > >> I too have submitted an FP report on this one, but haven't been > >> advised > >> about it either. IMO it is as phony as a 3 dollar bill. > > > > also numerous hits on this rule on valid/harmless pdfs here - i have > > already reported the fp last week and disabled/whitelisted the rule > > due to customer complaints. > > > > why is cisco/clamav ignoring all the reports? is this part of the > > automated (signature) processing? ~10 days of waiting for a > > signature- fix is hard, the rule was published on: > > > > Nov 20, 2016, 3:18 PM > > Datefile: daily > > Version: 22573 > > Publisher: Alain Zidouemba > > New Sigs: 1187 > > Dropped Sigs: 0 > > Ignored Sigs: 54 > > > > kind regards > > max Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
