The "Java.Exploit.CVE_2013_2465" virus takes advantage of unpatched versions of Java and OpenJDK which are vulnerable to CVE-2013-2465. The signature isn't meant to detect the vulnerability itself, but a specific piece of malware that targets it.
OpenJDK got updated for this CVE in July:
http://www.ubuntu.com/usn/usn-1908-1/

It is likely that the ClamAV signature simply includes the API that is being used by the malware, and that API happens to also be used by code in the rt.jar file.

I agree, this is likely a bug in the clamav signature database, which we do not ship in Ubuntu. I am closing this bug since there is no actionable item.

If you want this to be corrected in the ClamAV database, I suggest filing a bug with the ClamAV project here:
http://www.clamav.net/lang/en/sendvirus/submit-fp/

Thanks.

** Changed in: clamav (Ubuntu)
       Status: New => Won't Fix

** Changed in: clamav (Ubuntu)
       Status: Won't Fix => Invalid

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1224723

Title:
  Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

Status in “clamav” package in Ubuntu:
  Invalid
Status in “openjdk-6” package in Ubuntu:
  Invalid

Bug description:
  Running a clamscan on an Ubuntu 12.04.3 system reports that vulnerability CVE-2013-2465 was detected in version 6b27-1.12.6-1ubuntu0.12.04.2 of openjdk-6-jre-headless:

  Run this:
  # /usr/bin/clamscan -ri --max-filesize=100M /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/

  Get this:
  /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar: Java.Exploit.CVE_2013_2465 FOUND

