[Clamav-devel] Issue with FP only on 0.103.1
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu Feb 11 19:12:34 UTC 2021
Hi Mark,
Do you think you could share a sample or two with me to test. I'm really curious what changed and would like to debug each version with a sample or two.
-Micah
> -----Original Message-----
> From: clamav-devel <clamav-devel-bounces at lists.clamav.net> On Behalf Of
> Mark Allan
> Sent: Monday, February 8, 2021 3:04 AM
> To: ClamAV Development <clamav-devel at lists.clamav.net>
> Subject: [Clamav-devel] Issue with FP only on 0.103.1
>
> Hi all,
>
> It looks like the additional image file type support in 0.103.1 has introduced
> an issue with a particular signature which has been in the database since 2018
>
> Img.Exploit.CVE_2018_4904-6449838-0
>
> It's flagging up thousands of known-good files. As far as I can tell, they're all
> TIFF files.
>
> I've added that signature to an ign2 file for now, but I'm wondering if there's
> something else that's maybe amiss somewhere either with the signature or
> the 0.103.1 update?
>
> Best regards,
> Mark
>
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-
> Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-devel
mailing list