Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-27 Thread Sebastien Tete
I can confirm "Win.Exploit.CVE_2019_0903-6966169-0" false/positive is fixed in 25462.

regards
Sébastien

On 27.05.19 15:18, Support wrote:
> On Mon, May 27, 2019 00:21, Tim Figgins wrote:
>> We are having the same issue. Heaps of emails getting marked as
>> Win.Exploit.CVE_2019_0903-6966169-0
>>

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-27 Thread Support
On Mon, May 27, 2019 00:21, Tim Figgins wrote:
> We are having the same issue. Heaps of emails getting marked as
> Win.Exploit.CVE_2019_0903-6966169-0
>
> Hopefully it will be fixed soon

Daily.cld version: 25461 and up does not have the problem.

John

> Tim Figgins
>
> Chief Technology

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-27 Thread Sebastien Tete
I followed your advice as a temporary solution.

echo "Win.Exploit.CVE_2019_0903-6966169-0" >> (Location of clamav Databases)/sig_whitelist.ign2

You may need to restart the daemon, if you are using it. clamscan is now ok with pdfs.

On 25.05.19 22:54, Hans Morten Kind via clamav-users wrote:
> S

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-27 Thread Karl Pielorz via clamav-users
--On 25 May 2019 at 22:24:32 -0700 Al Varnell via clamav-users wrote:

Appears to be a malformed hex string in 3rd logical expression:

 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
LibClamAV Error: cli_hex2ui(): Malformed hexstring: 1 (length: 1)
ERROR: Decod

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-26 Thread Tim Figgins
We are having the same issue. Heaps of emails getting marked as Win.Exploit.CVE_2019_0903-6966169-0

Hopefully it will be fixed soon

Tim Figgins
Chief Technology Officer
Business Technology Group LTD
p: +64 9 950 2104 | m:+64 21 707 996 | t...@btg.co.nz

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-26 Thread Simon Mousey Smith via clamav-users
Hi

Same here UK clamav with our mailcleaner

Every one of our backup pdfs are being marked with this even though they have been fine for years

Prob a false positive

Regards
Simon

> On 25 May 2019, at 21:54, Hans Morten Kind via clamav-users wrote:
>
> Seems like every p

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Al Varnell via clamav-users
Appears to be a malformed hex string in 3rd logical expression:

 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
LibClamAV Error: cli_hex2ui(): Malformed hexstring: 1 (length: 1)
ERROR: Decoding failed (1): <<4#ib4#>0xB1B0AFBA)
ERROR: Decoding failed

-Al-

> On May 25,

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Hans Morten Kind via clamav-users
Seems like every pdf-file is marked as infected by Win.Exploit.CVE_2019_0903-6966169-0

I have put it into local.ign2 and restarted my clamd

hmk

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Karl Pielorz via clamav-users
--On 25 May 2019 at 11:25:46 -0400 Tuffmail Support wrote:

Same here with FreeBSD 11.1 and clamav-0.101.2. Yesterday 0, today several hundred so far. Thanks for the heads up!

Good to know I'm not the only one - but it'd be really handy to be able to get freshclam to either keep the las

Re: [clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Tuffmail Support
On Sat, May 25, 2019 09:09, Karl Pielorz via clamav-users wrote:
> Hi All,
>
> Our system updated today:
>
> May 25 09:24:20 daily.cld updated (version: 25460, sigs: 1581004, f-level: 63, builder: raynman)
>
> (Time is BST - i.e. UTC+1)
>
> After that we saw a large number of viruses

[clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903

2019-05-25 Thread Karl Pielorz via clamav-users
Hi All,

Our system updated today:

May 25 09:24:20 daily.cld updated (version: 25460, sigs: 1581004, f-level: 63, builder: raynman)

(Time is BST - i.e. UTC+1)

After that we saw a large number of viruses found - all detected as Win.Exploit.CVE_2019_0903-6966169-0

This seems to be includi