[clamav-users] handling multiple hits on CVE-2015-7645?

Orrick, Diana orrick at fsu.edu
Sun Nov 22 14:14:32 UTC 2015


Thanks much for your prompt response!


On 11/22/2015 9:11 AM, Steve basford wrote:
> Create a localfp.ign2 file with the following line in it in your 
> ClamAV database folder:
>
> Swf.Exploit.CVE_2015_7645
>
> Restart clamd
>
> Hopefully the FP will be officially fixed soon.
>
> Cheers,
>
> Steve
> Web: sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
>
>
> On 22 November 2015 12:52:04 "Orrick, Diana" <orrick at fsu.edu> wrote:
>
>> Hello,
>>
>> I haven't had any response to filing a number of False Positive reports,
>> should I have?
>> I do appreciate the limits of the support folks, really. Just trying to
>> understand how FP are handled and what the expectations should be.
>>
>> We've had another round of scans and the same servers,
>> same files are flagged by ClamAV (only) again for 
>> Swf.Exploit.CVE_2015_7645.
>> These are showing up on Linux servers that do not have the flash rpm
>> referenced in the CVE.
>>
>> I've looked through the archives and the admin manual for some reference to
>> creating a 'local whitelist record' but don't find much. Would someone point
>> me to the terms I should search on for the whitelist creation process,
>> please?
>>
>> Thanks for your assistance.
>>
>> -- 
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Diana Mayer Orrick
>>
>> Florida State University
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>

-- 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Diana Mayer Orrick

Enterprise Systems Security

Information Technology Services

Florida State University

orrick at fsu.edu - (850) 645-8009

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
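
The procedure from the quoted reply (the signature name on its own line in localfp.ign2 in the database folder, then restart clamd), as an added example that is not part of either message: a shell helper that adds the entry idempotently and removes it again once the false positive is fixed. The function names and the database path in the usage comment are assumptions; an entry disables that signature for every file scanned, not only the flagged ones.

```shell
#!/bin/sh
# Added example: manage entries in a ClamAV localfp.ign2 ignore list.
# Usage (database path is an assumption, use your real database folder):
#   ign2_add /var/lib/clamav Swf.Exploit.CVE_2015_7645 && restart clamd

# Accept only letters, digits, dot, underscore and hyphen, so a stray
# space, colon or path never lands in the ignore file.
ign2_valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# ign2_add DBDIR SIGNAME: add the name once, replacing the file atomically.
ign2_add() {
    dbdir=$1 sig=$2 file="$1/localfp.ign2"
    ign2_valid_name "$sig" || { echo "invalid signature name: $sig" >&2; return 2; }
    [ -d "$dbdir" ] || { echo "no such database folder: $dbdir" >&2; return 3; }
    # Already ignored: leave the file untouched.
    [ -f "$file" ] && grep -Fxq -- "$sig" "$file" && return 0
    tmp=$(mktemp "$dbdir/.localfp.ign2.XXXXXX") || return 4
    # awk 'NF' copies existing entries, dropping blank lines and
    # repairing a missing final newline before the new name is appended.
    { [ -f "$file" ] && awk 'NF' "$file"; printf '%s\n' "$sig"; } > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

# ign2_remove DBDIR SIGNAME: drop the entry once the FP is fixed upstream,
# so the signature protects the hosts again.
ign2_remove() {
    dbdir=$1 sig=$2 file="$1/localfp.ign2"
    [ -f "$file" ] || return 0
    tmp=$(mktemp "$dbdir/.localfp.ign2.XXXXXX") || return 4
    # grep exits 1 when no other entries remain; that is not an error here.
    grep -Fxv -- "$sig" "$file" > "$tmp" || true
    chmod 644 "$tmp" && mv "$tmp" "$file"
}
```

Neither function restarts clamd; do that after each change, as the reply says.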



