[clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1?

Steve Basford steveb_clamav at sanesecurity.com
Wed Aug 10 06:05:44 EDT 2016


On Wed, August 10, 2016 10:52 am, Jan-Pieter Cornet wrote:
> On 10-8-16 08:22, ANANT S ATHAVALE wrote:
>
>> Hi,
>>
>>
>> Most of the mails are marked with  Win.Exploit.CVE_2016_3316-1.  Is
>> this a false positive?
>
> Created a completely empty .doc file using LibreOffice on linux, and the
> resulting file was recognized as Win.Exploit.CVE_2016_3316-1.
>
If you have a sample could you throw me a copy, as I've created a few
blank files on libreoffice and scanned with clamav and no hits.

create a ticket and upload:

http://sanesecurity.org/hesk/

If it is an fp, then I've like to add this "blank" file to my ham folder
so Sanesecurity sigs won't hit in the future either.

Cheers,

Steve
Web : sanesecurity.com
Twitter: @sanesecurity




More information about the clamav-users mailing list