The "Java.Exploit.CVE_2013_2465" virus takes advantage of unpatched
versions of Java and OpenJDK which are vulnerable to CVE-2013-2465. The
signature isn't meant to detect the vulnerability itself, but a specific
piece of malware that targets it.

OpenJDK got updated for this CVE in July:
http://www.ubuntu.com/usn/usn-1908-1/

It is likely that the ClamAV signature simply includes the API that is
being used by the malware, and that API happens to also be used by code
in the rt.jar file.

I agree, this is likely a bug in the ClamAV signature database, which we
do not ship in Ubuntu.

I am closing this bug since there is no actionable item. If you want
this to be corrected in the ClamAV database, I suggest filing a bug with
the ClamAV project here:

http://www.clamav.net/lang/en/sendvirus/submit-fp/

Thanks.

** Changed in: clamav (Ubuntu)
       Status: New => Won't Fix

** Changed in: clamav (Ubuntu)
       Status: Won't Fix => Invalid

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1224723

Title:
  Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless
