[clamav-users] Swf.Exploit.CVE_2015_3102 FP

Alain Zidouemba azidouemba at sourcefire.com
Fri Aug 21 15:16:23 EDT 2015


Thank you for reporting the FP and providing information. The signature
needs to be reworked as it is causing FPs. The current version of the
signature will be dropped shortly.

Thanks,

- Alain

On Fri, Aug 21, 2015 at 1:56 PM, Ángel González <angel at av.16bits.net> wrote:

> Al Varnell wrote:
> > I’ve had three users report browser cache files indicating
> > Swf.Exploit.CVE_2015_3102 infection.  All were logging into PayPal at
> > the time.
> > <https://www.paypal.com/us/cgi-bin/webscr?cmd=_account>
>
> My first doubt was whether they were logging into the legitimate PayPal
> site, but apparently they were.
>
> The Swf.Exploit.CVE_2015_3102 signature matches the file at
>  hxxps://www.paypal.com/en_US/m/mid.swf
>
>
> PayPal seems to have modified the file in the meantime, though. Al
> reported the file was 5d024cc615e2b1c35ce9b2cce77ef481 /
> c9d1856cfddc24fc3c51e5cc023c2cb4575b38a2140a39123438276d18b8561e
> The one I downloaded is b0a5b791ee0a61b5bab74c8772e227e0 /
>  75c2934018c742de4c902ad377be8edb7473266bacbb20e6407368676b9330a9
