[clamav-users] FP Pdf.Exploit.CVE_2016_1091-2
maxal
mn at sbg.at
Wed Nov 30 10:26:10 UTC 2016
hi,
On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote:
> On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote:
>
> >
> > Is there any way to get updates on a false positive (i submitted this
> > about a week or so ago), if it is or is not, i still find these. In my
> > case they seem to be ok coming from the printer, but then a
> > non-technical person opens and saves the file with a different name
> > (rather than just rename it) which activates this particular exploit,
> > which we've proven by going and grabbing directly from the printer and
> > then having the client open and resave and send us both documents.
> >
> > We're in the type of business where it would open us up to a ton of
> > liability if we were to white list, without knowing, have a site
> > user download an infected file.
> >
> > Thanks, happy to do anything i can.
> >
> > Jeff
> >
> I too have submitted an FP report on this one, but haven't been advised
> about it either. IMO it is as phony as a 3 dollar bill.
also numerous hits on this rule on valid/harmless pdfs here - i have
already reported the fp last week and disabled/whitelisted the rule due
to customer complaints.
why is cisco/clamav ignoring all the reports? is this part of the
automated (signature) processing? ~10 days of waiting for a
signature-fix is hard, the rule was published on:
Nov 20, 2016, 3:18 PM
Datefile: daily
Version: 22573
Publisher: Alain Zidouemba
New Sigs: 1187
Dropped Sigs: 0
Ignored Sigs: 54
kind regards
max