[clamav-users] handling multiple hits on CVE-2015-7645?
Steve basford
steveb_clamav at sanesecurity.com
Sun Nov 22 14:11:28 UTC 2015
Create a localfp.ign2 file with the following line in it in your ClamAV
database folder:
Swf.Exploit.CVE_2015_7645
Restart clamd
Hopefully the FP will be officially fixed soon.
Cheers,
Steve
Web: sanesecurity.com
Blog: sanesecurity.blogspot.com
On 22 November 2015 12:52:04 "Orrick, Diana" <orrick at fsu.edu> wrote:
> Hello,
>
> I haven't had any response to filing a number of False Positive reports,
> should I have?
> I do appreciate the limits of the support folks, really. Just trying to
> understand how FP are handled and what the expectations should be.
>
> We've had another round of scans and the same servers,
> same files are flagged by ClamAV (only) again for Swf.Exploit.CVE_2015_7645.
> These are showing up on Linux servers that do not have the flash rpm
> referenced in the CVE.
>
> I've looked through the archives and the admin manual for some reference to
> creating a 'local whitelist record' but don't find much. Would someone point
> me to the terms I should search on for the whitelist creation process,
> please?
>
> Thanks for your assistance.
>
> --
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Diana Mayer Orrick
>
> Florida State University
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
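
The steps in the reply above, as an added shell example that is not part of the original post or of ClamAV itself: it adds a signature name to localfp.ign2 only if it is not already listed, and copes with an existing file that lacks a trailing newline. Assumptions: the function name add_ignore_sig is hypothetical, the database folder is passed in because its location varies by install, and the allowed character set for names is a conservative choice made here.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently add a signature
# name to the ignore file in the ClamAV database folder.
# add_ignore_sig is a hypothetical helper name; the caller supplies the
# database folder because its path differs between installations.

add_ignore_sig() {
    dbdir=$1
    sig=$2
    ignfile="$dbdir/localfp.ign2"   # file name taken from the post

    # One signature name per line. Reject empty names and anything outside
    # letters, digits, '.', '_' and '-' (assumed charset), so a pasted scan
    # line such as "file: Name FOUND" is not written by mistake.
    case $sig in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid signature name: '$sig'" >&2
            return 2 ;;
    esac
    [ -d "$dbdir" ] || { echo "no such database folder: $dbdir" >&2; return 3; }

    # Exact whole-line match (CRs stripped): already ignored, nothing to do.
    if [ -f "$ignfile" ] && tr -d '\r' < "$ignfile" | grep -Fxq -- "$sig"; then
        return 0
    fi

    # If the existing file does not end in a newline, add one first so the
    # new name is not glued onto the previous entry.
    if [ -s "$ignfile" ] && [ -n "$(tail -c 1 "$ignfile")" ]; then
        printf '\n' >> "$ignfile"
    fi
    printf '%s\n' "$sig" >> "$ignfile"
}

# Usage: add_ignore_sig <database folder> Swf.Exploit.CVE_2015_7645
# then restart clamd as described in the post.
```

The entry should be removed again once the signature is corrected upstream, since an ignored name also suppresses true detections by that signature.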