We actually got another FP report for the signature Xml.Exploit.CVE_2018_4975-6545149-0 triggering on AutoCAD DWFx files. We dropped Xml.Exploit.CVE_2018_4975-6545149-0 from the signature set earlier today pending further investigation on how the signature could be re-written to avoid FPs on these DWFx files.
- Alain On Thu, Jun 21, 2018 at 12:27 PM, Brian Gawith <[email protected]> wrote: > We use a replication platform that has ClamAV baked in so can't really use > the standard whitelist procedures, or at least not that I am aware of. > Anyway we are getting a bunch of our AutoCAD DWFx files that are being > tagged for the virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure > out exactly what the exploit is and what it does. If I can point to what > exactly the exploit is I can go to Autodesk and see if they have a hotfix > for the problem. Otherwise we are stuck. The real problem seems to be that > once the file is tagged it strips out the redlines our team does and then > when it syncs down to the remote servers they can't figure out what they > are supposed to change. > > Any help with what that exploit is so that I can communicate it to the > software manufacturer and find a solution would be greatly appreciated. > > Brian Gawith > > > > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
