[clamav-users] HTML.Exploit.Heap-2 False Positive?

Al Varnell alvarnell at mac.com
Mon May 12 17:01:43 UTC 2014


A ClamXav user complained that a Google Chrome extension, “WebGL Inspector”, which he has used since 2012, was said to be infected with HTML.Exploit.Heap-2.

I was able to obtain a later version of that extension and verified that the gli.all.js file in that extension scans as infected.

I was not able to locate when this signature was added on the clamav-virusdb list.

I was able to easily confirm that the file contains all elements of the signature (four ASCII strings separated by “any strings” of varying length).

I haven’t found any clues on what an actual infected file might be.

I submitted it to VirusTotal, where only ClamAV® detected it:
<https://www.virustotal.com/en/file/36fd57cce150c5e8ea26168823e84b19e109592c6586496b605306cbb482d982/analysis/1399908003/>

I successfully uploaded it to you using your "Submit a false positive" form. MD5 = 6968c0d2ad15e68b33bb30074ddbb7a6


-Al-
-- 
Al Varnell
Mountain View, CA
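
An added example, not part of the original post and not ClamAV's own code: a small matcher for the kind of signature the message describes, showing why ordinary JavaScript can satisfy "four ASCII strings separated by gaps of varying length". The signature name, its four strings and the sample file are constructed for illustration; only a subset of the body-signature wildcards (`*`, `??`, `{n}`, `{-n}`, `{n-}`, `{n-m}`) is handled, and target-type normalisation is not modelled.

```python
import re

# Constructed signature in ClamAV .ndb layout (Name:Target:Offset:HexSig).
# NOT the real HTML.Exploit.Heap-2 body, only the shape the post describes:
# four ASCII strings joined by variable-length gaps.
SAMPLE_SIG = ("Example.Constructed.FourStrings:0:*:"
              + b"new Array".hex() + "{-40}" + b"while".hex() + "*"
              + b"substring".hex() + "{1-200}" + b".length".hex())

TOKEN = re.compile(r"\*|\?\?|\{(\d*)(-?)(\d*)\}|[0-9a-fA-F]{2}")

def sig_to_regex(hexsig):
    """Translate a subset of ClamAV body-signature syntax to a bytes regex."""
    out, pos = [], 0
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:
            raise ValueError(f"unsupported token at offset {pos}")
        tok, (lo, dash, hi) = m.group(0), m.groups("")
        if tok == "*":                      # any number of bytes
            out.append(b".*?")
        elif tok == "??":                   # exactly one byte
            out.append(b".")
        elif tok[0] == "{":                 # {n}, {-n}, {n-}, {n-m}
            if not (lo or hi):
                raise ValueError("empty gap {}")
            hi = hi if dash else lo
            out.append(b".{%s,%s}" % ((lo or "0").encode(), hi.encode()))
        else:                               # literal hex byte
            out.append(re.escape(bytes.fromhex(tok)))
        pos = m.end()
    return re.compile(b"".join(out), re.DOTALL)

def scan(ndb_line, data):
    """Return (name, matched bytes) for one signature line, else None."""
    name, _target, _offset, hexsig = ndb_line.split(":")[:4]
    m = sig_to_regex(hexsig).search(data)
    return (name, m.group(0)) if m else None

# Constructed benign JavaScript: ordinary code containing the four strings
# in order, which is all the signature requires.
BENIGN_JS = (b"var buf = new Array(16);\n"
             b"while (i < n) { i++; }\n"
             b"// ... unrelated lines ...\n"
             b"var head = s.substring(0, 4);\n"
             b"if (buf.length > head.length) { render(); }\n")

if __name__ == "__main__":
    print(scan(SAMPLE_SIG, BENIGN_JS))
```

The matched bytes returned by `scan` show which region of the file triggered the detection, which is the evidence worth attaching to a false-positive report.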






