[clamav-users] handling multiple hits on CVE-2015-7645?
Orrick, Diana
orrick at fsu.edu
Mon Nov 30 15:27:00 UTC 2015
Thanks for your response...
I did join the clamav-virusdb mail list (since 11/10/2015)
and have received *[clamav-virusdb] Update ...*
messages
Example:
--------------------------------------------------------------------------------
ClamAV database updated (30 Nov 2015 08-36 -0500): daily.cvd
Version: 21116
Submission-ID: 1201984744
Sender: Anonymous
Added: Win.Worm.Allaple-143117
...
------------------------------------------------------------------------------
I have been reading these as a posting of a (new) virus and
clamav support has confirmed it and added the signature to the database
(update).
Should I have noted a submission ID when I originally posted the false
positive reports?
Would an accepted false positive submission be noted as "Removed:" ?
Should I expect a different notification?
Thanks for any clarification.
On 11/22/2015 4:28 PM, Al Varnell wrote:
> On Sun, Nov 22, 2015 at 04:51 AM, Orrick, Diana wrote:
>> Hello,
>>
>> I haven't has any response to filing a number of False Positive reports, should I have?
> Have you joined the clamav-virusdb mailing-list? You won’t be notified unless you do.
>
>> I do appreciate the limits of the support folks, really. Just trying to understand
>> how FP are handled and what the expectations should be.
>>
>> We've had another round of scans and the same servers,
>> same files are flagged by ClamAV (only) again for Swf.Exploit.CVE_2015_7645.
>> These are showing up on Linux servers that do not have the flash rpm referenced in the CVE.
>>
>> I've looked through the archives and the admin manual for some reference to
>> creating a 'local whitelist record' but don't find much. Would someone point
>> me to the terms I should search on for the whitelist creation process, please?
>>
>> Thanks for your assistance.
> -Al-
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list