[clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3
Bill Bennert
bill at webreply.com
Fri May 9 13:06:13 UTC 2014
The clamav false positive submission system will not accept my entry and
says that it is not detected by ClamAV. This is not a virus, not
malware, this is a PHP test file for the PHP source. The released
version for my dist is 0.98.1 but the submission system said to use the
latest version, so I compiled 0.98.3 and came up with the same results
on the latest database. Now I'm posting here to hopefully get it into
the false positive list upon confirmation. If this is not the right
place to post it, please point me in the right direction. After a lot of
searches I have been unable to find any other real reference to this issue.
This is the test file in the PHP git repository.
https://github.com/php/php-src/blob/master/ext/tidy/tests/bug54682.phpt
Adding the -z flag to clamscan will make it visible. With no options
clamscan sees the file as OK.
$ clamscan -z /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt
/opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt:
PHP.Exploit.CVE_2011_4153-3 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 3358731
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 10.410 sec (0 m 10 s)
The only other possible record of this issue I was able to find is the
following. No guarantee it's actually related, since the thread dies
almost instantly with no resolution:
http://www.gossamer-threads.com/lists/clamav/users/56288
Thank you for your help,
-Bill
More information about the clamav-users
mailing list