I've identified a few clean samples that this signature FPs on. I'm dropping
BC.Legacy.Exploit.CVE_2012_4148-1. We'll rework it.

- Alain

On Mon, Dec 5, 2016 at 9:10 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:

> Hi,
>
> Just had a twitter user contact me regarding an fp that he reported 1st
> September (I don't have a hash sorry):
>
>
> 3986318.cbc:BC.Legacy.Exploit.CVE_2012_4148-1.{};Engine:70-255,Target:10;(0&2&1);0:255044462d312e;*:2f416e6e6f74;*:2f53756274797065{-5}2f576964676574
>
> Secondly, I'm seeing this using 0.99.3... in debug logs when loading
> daily.ldb:
>
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Win.Trojan.CVE_2006_5857-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Win.Exploit.CVE_2009_2502-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Pdf.Exploit.Agent-1388609, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Pdf.Exploit.CVE_2012_4154-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Pdf.Exploit.CVE_2012_4157-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Pdf.Exploit.CVE_2011_4370-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Osx.Trojan.Iumler-1, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Pdf.Exploit.Dropped-2014, skipping
> LibClamAV debug: lsigattribs: Unknown attribute name 'HanderType'
> LibClamAV debug: init_tdb: Not supported attribute(s) in signature for Win.Trojan.Quarian-2, skipping
>
> These seem to be of the type...
>
> ,HanderType:CL_TYPE_PDF,Target:
>
> not the usual....
>
> ,Container:CL_TYPE_PDF,Target:
>
> --
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
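A pre-load check for the kind of skipped signatures reported above, as an added example that is not part of the thread and is not ClamAV code: it splits a logical signature into its fields and flags attribute names outside an allow-list. It goes slightly beyond the thread by also flagging expression indices that have no matching subsignature. The allow-list holds only the attribute names visible in this thread (an assumption; extend it for your engine version), and `TYPO_SIG` and `INDEX_SIG` are constructed.

```python
import re

# Assumption: attribute names seen accepted in this thread. Extend the set
# to match what your ClamAV version supports.
KNOWN_ATTRS = {"Engine", "Target", "Container"}

def parse_ldb(line):
    """Split a logical signature into name, TDB attributes, expression, subsigs."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    attrs = dict(item.partition(":")[::2] for item in tdb.split(","))
    return name, attrs, expr, subsigs

def lint_ldb(line, known=KNOWN_ATTRS):
    """Return the problems found in one logical signature line."""
    name, attrs, expr, subsigs = parse_ldb(line)
    problems = [f"{name}: unknown attribute name '{k}'"
                for k in attrs if k not in known]
    # Drop match-count modifiers such as >2 or =1,2 so only indices remain.
    indices = re.findall(r"\d+", re.sub(r"[=<>]\d+(,\d+)?", "", expr))
    missing = sorted({int(i) for i in indices} - set(range(len(subsigs))))
    if missing:
        problems.append(f"{name}: expression uses undefined subsig(s) {missing}")
    return problems

# Signature quoted in the thread, rejoined onto one line.
THREAD_SIG = ("3986318.cbc:BC.Legacy.Exploit.CVE_2012_4148-1.{};"
              "Engine:70-255,Target:10;(0&2&1);0:255044462d312e;"
              "*:2f416e6e6f74;*:2f53756274797065{-5}2f576964676574")
# Constructed lines (names and patterns are made up for this example).
TYPO_SIG = "Example.Typo-1;Engine:81-255,HanderType:CL_TYPE_PDF,Target:0;0;41414141"
INDEX_SIG = "Example.Index-1;Target:0;(0&1)>1&2;41414141;42424242"

if __name__ == "__main__":
    for sig in (THREAD_SIG, TYPO_SIG, INDEX_SIG):
        print(lint_ldb(sig) or "ok")
```
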