First some background info.
The definition was added recently by daily - 23071, Feb 15, 2017, so that
explains why you are just now seeing it.
It's looking for the following ASCII string in an ASCII Text document:
begin_signature
block{WILDCARD_ANY_STRING(LENGTH<=100)}miia4ayjkozihvcnaqccoiia0tccgs0c
except I substituted an underline "_" for the first space " " character to
prevent this e-mail from being detected as infected.
That appears to be a rather unique string of characters, though I don't know
anything about what type of malware this might be looking for.
I downloaded EFTools6.1.3ForVS2013.msi from
<https://www.microsoft.com/en-us/download/details.aspx?id=40762> and confirmed
the detection.
I decompressed the .msi archive and scanned the resulting files, but none of
those files were found to be an infection.
I also opened the .msi archive in a text editor and the only portion of the
signature I could locate was the word "begin" twice and the word "signature"
several times, but not consecutively. So I have no idea how this file is found
to be infected.
So if I were you I would upload EFTools6.1.3ForVS2014.msi or whatever one you
have to ClamAV's False Positive Report page <http://www.clamav.net/reports/fp>.
-Al-
On Mon, Feb 20, 2017 at 07:39 PM, Clamise Chee wrote:
>
> I am having a lot of thoughts over the detection from the programming
> packages under "EntityFramework".
>
> The alert returns: Txt.Exploit.CVE_2017_0007-5839723-0 FOUND
>
>
> The loads of files (over 100+ per package) were detected as a virus with the ID
> above; there was no mention of alerts/scanning coming from this file when
> we first used ClamAV (this file has been sitting there since year 2015 until
> the recent update of the daily.cvd file, 17 Feb 2017)
>
>
> I'm having a hard time trying to figure out how this could fall under Virus.
>
> Is there a recommendation on how I can get this cleared/cleaned?