Hi Puneet,

Java.Malware.CVE_2021_44228-9915814-0 has been revised to Java.Malware.CVE_2021_44228-9915814-2 (revision 2). Please ensure you're using the latest daily CVD.

Signatures are targeting malware leveraging CVE-2021-44228, in addition to targeting resulting payload Java classes.

On Mon, Dec 20, 2021 at 12:38 PM Puneet Bhootra via clamav-users <[email protected]> wrote:

> Hi
>
> Is there any update on whether this has been resolved? I see many
> signatures related to this CVE.
> Also, since this is an exploit/vulnerability, is ClamAV supposed to detect
> this considering it's a malware/virus detection tool?
>
> Regards
> Puneet
>
> On Fri, Dec 17, 2021 at 3:30 AM Micah Snyder (micasnyd) <[email protected]> wrote:
>
>> Hi Puneet,
>>
>> Thank you for submitting the FP reports through our web form.
>> Our malware research team is actively working on improving the signatures
>> related to CVE-2021-44228.
>>
>> Regards,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>> ------------------------------
>> *From:* clamav-users <[email protected]> on behalf
>> of Puneet Bhootra via clamav-users <[email protected]>
>> *Sent:* Thursday, December 16, 2021 11:32 AM
>> *To:* [email protected] <[email protected]>
>> *Cc:* Puneet Bhootra <[email protected]>; Himanshu Kumar <[email protected]>
>> *Subject:* Re: [clamav-users] Lot of false positives detected from
>> signature Java.Malware.CVE_2021_44228-9915814-0
>>
>> Hi
>>
>> We are seeing a lot of false positives being generated from this signature,
>> Java.Malware.CVE_2021_44228-9915814-0,
>> which has resulted in the quarantine of a lot of Java applications
>> running in our environments.
>>
>> It seems for this CVE there are other signatures as well which detect
>> this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601
>>
>> So, this one, Java.Malware.CVE_2021_44228-9915814-0, is kind of redundant,
>> and since it is also generating a lot of false positives, please remove
>> this from the daily.cld.
>>
>> I have also submitted a false positive report for the same.
>> Can someone please check and take appropriate action on this?
>
> --
>
> <https://smart.salesforce.com/sig/pbhootra//us_mb/default/link.html>
>
> _______________________________________________
>
> clamav-users mailing list
> [email protected]
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
