[clamav-users] Swf.Exploit.CVE_2015_5548 giving FP's

Al Varnell alvarnell at mac.com
Wed Nov 18 04:09:20 UTC 2015 

Angel,

Not sure who you are addressing this to.  As I said I’ve already asked those using Adobe apps to upload to the FP site.

Before I posted my first message I located and uploaded the following to the FP site:

FlixsterDesktop.zip = 76a41222a3a044c918f9539a9eb196b5

FYI anybody from the ClamAV signature team monitoring this, Swf.Exploit.CVE_2015_5548 is being ignored for all ClamXav users now.

I only report FP’s here when they are relatively new signatures that seem to be causing wide-spread detection of older or major commercial software, in hopes of accelerating the resolution process.

-Al-

On Tue, Nov 17, 2015 at 05:55 AM, Angel Villegas wrote:
> 
> Please report ClamAV FPs at http://www.clamav.net/reports/fp.
> 
> Thanks,
> Angel M. Villegas
> 
> On Tue, Nov 17, 2015 at 1:54 AM, Gene Heskett <gheskett at wdtv.com> wrote:
> 
>> On Tuesday 17 November 2015 01:33:15 Al Varnell wrote:
>> 
>>> Swf.Exploit.CVE_2015_5548 was added to the database today:
>>>> ClamAV database updated (16 Nov 2015 07-00 -0500): daily.cvd
>>>> Version: 21062
>>> 
>>> and has resulted in three OS X users, so far, reporting various Adobe
>>> files as infected, in addition to even more reporting infected browser
>>> cache files.
>>> 
>>> I have asked those with Adobe hits to upload to your False Positive
>>> Report site.
>>> 
>>> -Al-
>> 
>> No clue were that site is Al, but my scan, on a wheezy box, just reported
>> 10 copies of Swf.Exploit.CVE_2015_5548
>> 
>> In the mozilla and chrome caches,  I just nuked the lot of them.
>> 
>> Cheers, Gene Heskett
>> --
>> "There are four boxes to be used in defense of liberty:
>> soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> Genes Web page <http://geneslinuxbox.net:6309/gene>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2366 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20151117/4c319d62/attachment.bin>

More information about the clamav-users mailing list