[clamav-users] False positive on go source code using PUA
Al Varnell
alvarnell at mac.com
Wed Nov 4 09:25:05 UTC 2015
By definition, there is no such thing as a False Positive PUA nor is PUA considered to be infected.
<http://www.clamav.net/documents/potentially-unwanted-applications-pua>.
Based on the description of CVE-2012-1461
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1461> I’d guess it has something to do with the way that file was compressed that might allow it to be bypass malware detection by a number of A-V scanners, which simply makes it suspicious.
I don’t see any errors here.
-Al-
On Tue, Nov 03, 2015 at 10:03 PM, P K wrote:
>
> Hi,
>
> I tried clamdscan with PUA enabled on go source code and seen an error.
>
> Below are error:
>
> clamdscan -v go1.4.2.src.tar.gz
> /home/punit/go1.4.2.src.tar.gz: PUA.File.Exploit.CVE_2012_1461 FOUND
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2366 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20151104/01665dcc/attachment.bin>
More information about the clamav-users
mailing list