subject:"\[clamav\-users\] Win.Exploit.CVE_2019_0758\-6968262\-1 \- VERY false positives"

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-06-03 Thread Al Varnell via clamav-users

You must unsubscribe yourself at the bottom of this page:
>

-Al-

> On Jun 3, 2019, at 12:54, Roberto Mazzini  wrote:
> 
> unsubscribe
> 



smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-06-03 Thread Roberto Mazzini


unsubscribe

On 02/06/19 18:26, Groach via clamav-users wrote:

This has since been proven ok.?? The FP's stopped last week.

Thanks


02/06/19 17:25

On 27/05/2019 13:34, Tuomo Soini wrote:

On Mon, 27 May 2019 12:47:13 +0200
Andrea Venturoli  wrote:


On 5/27/19 11:38 AM, Groach via clamav-users wrote:

Since 25th May, my email system (according to this new signature)
is rife with a virus that didnt (and still doesnt) exist in these
historic emails.?? These emails (an extract of the scan results is
shown below) have PDF's in them but are without risk.?? Can we drop
this signature please?

I agree.
I had to whitelist this sig.

That signature was dropped in daily 25462 so updating database should
be enough now.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Roberto Mazzini

Giolli coop

--
Giolli Società Cooperativa Sociale
Centro permanente di ricerca e sperimentazione teatrale
sui metodi Boal e Freire
Via Chiesa, 12
43022 Montechiarugolo (PR)
telefax: 0521-686385
e-mail: segrete...@giollicoop.it
web: www.giollicoop.it
FaceBook: CooperativaGiolli

_
PRIVACY

Ai sensi e per effetti della Legge sulla tutela della riservatezza personale 
(D. Lgs. 196/03),
questa mail è destinata unicamente alle persone sopra indicate e le 
informazioni in essa contenute
sono da considerarsi strettamente riservate. E' proibito leggere, copiare, 
usare o diffondere il
contenuto della presente missiva senza autorizzazione.
Se avete ricevuto questo messaggio per errore, siete pregati di distruggerlo 
immediatamente.

Confidentiality Notice:
This message, together with its annexes, contains information to be deemed 
strictly confidential
and is destined only to the addressee(s) identified above who only may use, 
copy and, under his/their
responsibility, further disseminate it. If anyone received this message by 
mistake or reads it without
entitlement is forewarned that keeping, copying, disseminating or distributing 
this message to persons
other than the addressee(s) is strictly forbidden and is asked to transmit it 
immediately to the sender
and to erase the original message received.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-06-03 Thread Groach via clamav-users


This has since been proven ok.  The FP's stopped last week.

Thanks


02/06/19 17:25

On 27/05/2019 13:34, Tuomo Soini wrote:

On Mon, 27 May 2019 12:47:13 +0200
Andrea Venturoli  wrote:


On 5/27/19 11:38 AM, Groach via clamav-users wrote:

Since 25th May, my email system (according to this new signature)
is rife with a virus that didnt (and still doesnt) exist in these
historic emails.  These emails (an extract of the scan results is
shown below) have PDF's in them but are without risk.  Can we drop
this signature please?

I agree.
I had to whitelist this sig.

That signature was dropped in daily 25462 so updating database should
be enough now.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-31 Thread Groach via clamav-users


Yes.  It has since stopped reporting from Sunday.


On 29/05/2019 15:07, David Raynor wrote:
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that 
was published on the morning of the 28th. If you got that version or 
25464 from this morning you should be fine.


Dave R.

On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users 
mailto:clamav-users@lists.clamav.net>> 
wrote:


Since 25th May, my email system (according to this new signature)
is rife with a virus that didnt (and still doesnt) exist in these
historic emails.?? These emails (an extract of the scan results is
shown below) have PDF's in them but are without risk.?? Can we
drop this signature please?

Thanks


D:\Datastore\hMailData\mydomain.net
\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net
\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND

and several hundred more

___

clamav-users mailing list
clamav-users@lists.clamav.net 
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



--
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com 


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread David Raynor

 Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.

Dave R.

On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Since 25th May, my email system (according to this new signature) is rife
> with a virus that didnt (and still doesnt) exist in these historic
> emails.?? These emails (an extract of the scan results is shown below) have
> PDF's in them but are without risk.?? Can we drop this signature please?
>
> Thanks
>
>
> D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
>
> and several hundred more
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-29 Thread Groach via clamav-users

Since 25th May, my email system (according to this new signature) is 
rife with a virus that didnt (and still doesnt) exist in these historic 
emails.  These emails (an extract of the scan results is shown below) 
have PDF's in them but are without risk.  Can we drop this signature please?


Thanks


D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND


and several hundred more

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-27 Thread Groach via clamav-users


Thanks for the update.  I'll run it through and test.

Cheers

On 27/05/2019 13:34, Tuomo Soini wrote:

On Mon, 27 May 2019 12:47:13 +0200
Andrea Venturoli  wrote:


On 5/27/19 11:38 AM, Groach via clamav-users wrote:

Since 25th May, my email system (according to this new signature)
is rife with a virus that didnt (and still doesnt) exist in these
historic emails.  These emails (an extract of the scan results is
shown below) have PDF's in them but are without risk.  Can we drop
this signature please?

I agree.
I had to whitelist this sig.

That signature was dropped in daily 25462 so updating database should
be enough now.




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-27 Thread Tuomo Soini

On Mon, 27 May 2019 12:47:13 +0200
Andrea Venturoli  wrote:

> On 5/27/19 11:38 AM, Groach via clamav-users wrote:
> > Since 25th May, my email system (according to this new signature)
> > is rife with a virus that didnt (and still doesnt) exist in these
> > historic emails.  These emails (an extract of the scan results is
> > shown below) have PDF's in them but are without risk.  Can we drop
> > this signature please?  
> 
> I agree.
> I had to whitelist this sig.

That signature was dropped in daily 25462 so updating database should
be enough now.

-- 
Tuomo Soini 
Foobar Linux services
+358 40 5240030
Foobar Oy 

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-27 Thread Andrea Venturoli


On 5/27/19 11:38 AM, Groach via clamav-users wrote:
Since 25th May, my email system (according to this new signature) is 
rife with a virus that didnt (and still doesnt) exist in these historic 
emails.  These emails (an extract of the scan results is shown below) 
have PDF's in them but are without risk.  Can we drop this signature please?


I agree.
I had to whitelist this sig.

 bye
av.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

2019-05-27 Thread Groach via clamav-users

Since 25th May, my email system (according to this new signature) is 
rife with a virus that didnt (and still doesnt) exist in these historic 
emails.  These emails (an extract of the scan results is shown below) 
have PDF's in them but are without risk.  Can we drop this signature please?


Thanks


D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml: 
Win.Exploit.CVE_2019_0758-6968262-1 FOUND


and several hundred more

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

10 matches

Site Navigation

Mail list logo

Footer information