[clamav-users] False Positive & File Decompression errors

Manoj Chitrala mchitrala at researchnow.com
Tue Aug 19 09:34:50 UTC 2014 

Hi,

Here is the MD5 sum output.

root at RSNUKLT146:~/Desktop# md5sum show.html.erb
16e3a74703c22cce728bb523439c1d02  show.html.erb
root at RSNUKLT146:~/Desktop#

We are running Redhat Enterprise Linux 6.4 where clam av is been installed with 0.98.4 version. Please do let me know if any more information required.

As a temporary work around we have whitelisted Html.Exploit.CVE_2014_0277 virus alerts, as it has alerted many files which are not threat to us. Once we have solution, we will remove the white listing.

============
Thanks,
Manoj Chitrala


--
Manoj Chitrala
Unix Administrator & Postmaster

Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971 312075



Research Now  |  160 Queen Victoria Street  |  London, United Kingdom EC4V 4BF
www.researchnow.com

-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Al Varnell
Sent: 19 August 2014 10:29
To: ClamAV users ML
Subject: Re: [clamav-users] False Positive & File Decompression errors

Manoj,

What unix system are you running clamav on?

The team will need to know the MD5 of show.html.erb in order to quickly locate it among the other False Positives submitted.  You cannot attach it here.

-Al-

> On Aug 19, 2014, at 2:02 AM, Manoj Chitrala <mchitrala at researchnow.com> wrote:
>
> Hi,
>
> We have 2 issues with Clamav.
>
>
> 1)      We've been receiving false positive alerts. I have also submitted false positives many a times but I haven't received any response from clam av team. Please can you suggest a fix for this. I have upgraded the AV to latest, updated the virus definitions but all in vain. Attaching the file for your reference. This file show.html.erb is been reported with Html.Exploit.CVE_2014_0277, which is a false as we have scanned it using Microsoft End Point Protection and found no threats.
>
> 2)      The other error we have is the clam av reports us it is unable decompress the file and scan. Please can you suggest any solution for this. Error message appears as "scancws: Error decompressing SWF file LibClamAV info"
>
> Hoping to get a response on these 2 issues.
>
> ============
> Thanks,
> Manoj Chitrala
>
>
>        [Research Now] <http://www.researchnow.com/>
> [Research Now]          Manoj Chitrala
> Unix Administrator & Postmaster
>
>                Tel: +44 207 084 3142  |  Fax: +44 207 084 3001  |  Mobile: +44 7971 312075
>
>
>        <http://rn-university.com/researchagencies/> [http://sigs.researchnow.com/EU_Emails/UK/14Jul/ESOMAR_Footer_UK_Mar14-02.gif] <http://www.researchnow.com/en-GB/PressAndEvents/Events/2014/09/ESOMAR%20Congress%202014.aspx>
>
>        Follow us:  [Facebook] <http://www.facebook.com/ResearchNowUK>   [LinkedIn] <http://www.linkedin.com/company/research-now>   [YouTube] <http://www.youtube.com/user/ResearchNowGlobal>   [Twitter] <http://twitter.com/#!/ResearchNowUK>
>
>          160 Queen Victoria Street  |  London, United Kingdom EC4V 4BF
>        www.researchnow.com
>
> The information contained in this e-mail message is intended for the use of the recipient(s) named above and is privileged and confidential. If you are not the intended recipient, you are formally notified that you have received this message in error and that any review, dissemination, distribution, or copying of the message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the original message.




_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

More information about the clamav-users mailing list