[clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?
Reindl Harald
h.reindl at thelounge.net
Wed Aug 10 09:58:20 UTC 2016
On 10.08.2016 at 11:52, Jan-Pieter Cornet wrote:
> On 10-8-16 08:22, ANANT S ATHAVALE wrote:
>> Hi,
>>
>> Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a false positive?
>
> Yes.
>
> Created a completely empty .doc file using LibreOffice on linux, and the resulting file was recognized as Win.Exploit.CVE_2016_3316-1.
>
> This means that on our medium sized ISP, we got so many false positives from ClamAV in a few hours, that it would take several weeks for ClamAV to even find the same number of true positives in our e-mail stream.
>
> Guess that's the end of ClamAV as an e-mail virus scanner here...

useless polemic

show me one malware scanner with no FP disaster in the past years, and
before you throw away the child with the bath, consider why you are not
just using *scoring* if you can't accept false positives fixable within a
short timeframe

and in case of .doc I have seen even users complaining that other
mailservers block .doc at all and bounce back that you should send a .docx
because they can't contain macros (that's what .docm are for)