Hello List,

Same here, I do see FPs with BC.Win.Exploit.CVE_2017_11244-6335828-0 hitting legitimate corporate files (so no submission possible from me either).

md5sum of the affected file is bf20323e1cea2c2c3fc26d09956dd906 (don't know if this is helpful without the actual file...)

On 13.09.2017 16:27, Leonardo Rodrigues wrote:
>
> I'm also getting some excel files flagged by the same signature,
> excel files that are supposed to be clean by other commercial antiviruses
>
> two files from my amavis quarantine folder scanned with actual
> signatures:
>
> [root@correio shm]# clamdscan -v virus-2017*
> /dev/shm/virus-20170912T100210-14568-04-oYAqsgllorwh:
> BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
> /dev/shm/virus-20170913T105721-11777-15-NJFMBYpgy4B5:
> BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
>
> signatures I'm running
>
> [root@correio shm]# freshclam
> ClamAV update process started at Wed Sep 13 11:27:06 2017
> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
> builder: sigmgr)
> daily.cvd is up to date (version: 23823, sigs: 1742928, f-level: 63,
> builder: neo)
> bytecode.cld is up to date (version: 311, sigs: 74, f-level: 63,
> builder: neo)
>
>
> unfortunately these are corporate files and I cannot submit them for
> analysis :(
>
>
> On 11/09/17 16:06, Judd Grayzel wrote:
>> My Synology Diskstation running the Anti-Virus Essentials (ClamAV
>> based engine) quarantined almost 1000 files for the CVE-2017-11241
>> vulnerability. This CVE references a problem with Adobe Acrobat, but
>> the files that are being quarantined are Microsoft Excel files.
>> Do these files really have a virus of some sort, or is this a
>> False/Positive situation?
