[clamav-users] - False Positive
Al Varnell
alvarnell at mac.com
Thu Jul 9 17:33:25 UTC 2015
I’m not sure why you would consider a 2012 CVE to be an indicator of a false positive. Have you read the vulnerability description?
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0167>
If that document contains an EMF image it could cause a heap-based buffer overflow in those older, unmatched versions of Microsoft Office.
-Al-
> On Jul 9, 2015, at 7:55 AM, Ingo Bente <ingo.bente at gmail.com> wrote:
>
> Yes.
>
> /path/to/file: BC.Win.Exploit.CVE_2012_0167 FOUND
>
> The file was last changed in Mar 2015. This, in addition to the fact
> that the CVE dates back to the year 2012, seems to indicate a false
> positive to me.
>
> Cheers
> Ingo
>
> On 9 July 2015 at 15:37, Alain Zidouemba <azidouemba at sourcefire.com> wrote:
>> Can you provide the detection name that ClamAV displayed?
>>
>> Thanks,
>>
>> - Alain
More information about the clamav-users
mailing list