[clamav-users] CVE_2013_3860-1
Al Varnell
alvarnell at mac.com
Sun Jul 24 15:51:55 UTC 2016
There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: 20352 on Apr 20, 2015 which was found to be producing FP’s and was removed by daily: 20358.
The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - 21939 on Jul 20, 2016 and I know of one ClamXav user reporting what he believes to be an FP, but waiting on details. Not sure whether the two signatures are the same or not.
-Al-
On Jul 24, 2016, at 7:14 AM, c chupela <cnctema68 at yahoo.com> wrote:
> My Clamav installation, engine version .99, signature daily.cld updated (version: 21959, sigs: 454048, f-level: 63, builder: neo)bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
>
> flagging /usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1
>
> I see some discussion online that alludes to this being a false positive, is this the case?
> Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3573 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160724/c279e434/attachment.bin>
More information about the clamav-users
mailing list