[clamav-users] CVE_2013_3860-1

Junuzovic Vahid vahid.junuzovic at eng.it
Tue Jul 26 08:07:38 UTC 2016 

I checked few minutes ago but it is still present also with the new definitions updated!

--- cut here ---
# freshclam
ClamAV update process started at Tue Jul 26 09:42:49 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99 Recommended version: 0.99.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)

Downloading daily-21972.cdiff [100%]
daily.cld updated (version: 21972, sigs: 454200, f-level: 63, builder: neo)

bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Database updated (4673043 signatures) from db.it.clamav.net (IP: 90.147.160.69)
....

# clamscan /usr/share/doc/libxml2-python-2.7.6/reader2.py
/usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4667645
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 14.303 sec (0 m 14 s)
[root at prdfeec01 clamav]#
--- cut here ---

Vahid

-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Alain Zidouemba
Sent: lunedì 25 luglio 2016 17:13
To: ClamAV users ML
Subject: Re: [clamav-users] CVE_2013_3860-1

Xml.Exploit.CVE_2013_3860-1 has been dropped.

Thanks,

- Alain

On Sun, Jul 24, 2016 at 11:51 AM, Al Varnell <alvarnell at mac.com> wrote:

> There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily:
> 20352 on Apr 20, 2015 which was found to be producing FP’s and was 
> removed by daily: 20358.
>
> The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - 
> 21939 on Jul 20, 2016 and I know of one ClamXav user reporting what he 
> believes to be an FP, but waiting on details.  Not sure whether the 
> two signatures are the same or not.
>
> -Al-
>
> On Jul 24, 2016, at 7:14 AM, c chupela <cnctema68 at yahoo.com> wrote:
>
> > My Clamav installation,  engine version .99, signature daily.cld 
> > updated
> (version: 21959, sigs: 454048, f-level: 63, builder: neo)bytecode.cld 
> is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
> >
> > flagging /usr/share/doc/libxml2-python-2.7.6/reader2.py:
> Xml.Exploit.CVE_2013_3860-1
> >
> > I see some discussion online that alludes to this being a false
> positive, is this the case?
> > Thanks
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list