[clamav-users] Urgent: Php.Exploit.CVE_2015_2331-3 FP

Mark Allan markjallan at gmail.com
Thu Aug 27 06:24:02 EDT 2015

Hi Alain,

I've just submitted a small selection of the files being tagged as infected.


> On 27 Aug 2015, at 11:09 am, Alain Zidouemba <azidouemba at sourcefire.com> wrote:
> Al,
> I will be pulling the signature shortly. Could you please submit a few of
> the file that are alerting here: http://www.clamav.net/report/report-fp.html
> ?
> Thanks,
> - Alain
> On Wed, Aug 26, 2015 at 11:21 PM, Al Varnell <alvarnell at mac.com> wrote:
>> Two Mac users so far are reporting a flood of files identified as being
>> infected with Php.Exploit.CVE_2015_2331.  Most of those files are
>> components of OS X and it’s Unix subsystem.
>> Although I have verified that the signature is present in the current
>> database, I am unable to locate in the clamav-virusdb e-mails I have, so it
>> must have been in daily 20840 which I did not receive this afternoon.
>> I urge you to whitelist this at your earliest convenience before permanent
>> damage is suffered by users who mistakenly quarantine or delete these files.
>> -Al-

More information about the clamav-users mailing list