[clamav-users] Swf.Exploit.CVE_2015_5548 giving FP's
Al Varnell
alvarnell at mac.com
Tue Nov 17 07:58:48 UTC 2015
The browser cache doesn’t really bother me that much, although I suspect it is just as much of an FP.
It’s these Adobe files that I’m pretty certain should not be detected:
> EBookExport.InDesignPlugin
> /Applications/Adobe InDesign CC 2015/Plug-Ins/Filters/EBookExport.InDesignPlugin
> Swf.Exploit.CVE_2015_5548
>
> Flash3DViewer.swf
> /Applications/Adobe Photoshop CC 2015/Presets/Flash 3D/Flash3DViewer.swf
> Swf.Exploit.CVE_2015_5548
>
> PWAFlex.swf
> /Applications/Utilities/Adobe Application Manager/LWA/PWAFlex.swf
> Swf.Exploit.CVE_2015_5548
>
> OverlayCreator2015.swf
> /Library/Application Support/Adobe/CEP/extensions/OverlayCreator2015/OverlayCreator2015.swf
> Swf.Exploit.CVE_2015_5548
and
> Flixster Desktop.app Swf.Exploit.CVE_2015_5548
-Al-
On Mon, Nov 16, 2015 at 10:54 PM, Gene Heskett wrote:
>
> On Tuesday 17 November 2015 01:33:15 Al Varnell wrote:
>
>> Swf.Exploit.CVE_2015_5548 was added to the database today:
>>> ClamAV database updated (16 Nov 2015 07-00 -0500): daily.cvd
>>> Version: 21062
>>
>> and has resulted in three OS X users, so far, reporting various Adobe
>> files as infected, in addition to even more reporting infected browser
>> cache files.
>>
>> I have asked those with Adobe hits to upload to your False Positive
>> Report site.
>>
>> -Al-
>
> No clue were that site is Al, but my scan, on a wheezy box, just reported
> 10 copies of Swf.Exploit.CVE_2015_5548
>
> In the mozilla and chrome caches, I just nuked the lot of them.
>
> Cheers, Gene Heskett
-Al-
--
Al Varnell
Mountain View, CA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2366 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20151116/6bd211ba/attachment.bin>
More information about the clamav-users
mailing list