[clamav-users] FP Pdf.Exploit.CVE_2016_1091-2
Al Varnell
alvarnell at mac.com
Wed Nov 30 10:29:42 UTC 2016
Has anybody submitted a PDF yet? Normally, nothing can happen until they have at least one example. Once somebody has a sample they are allowed to submit, return here with a hash value of the submitted file so they can expedite processing.
-Al-
On Wed, Nov 30, 2016 at 02:26 AM, maxal wrote:
>
> hi,
>
> On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote:
>> On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote:
>>
>>>
>>> Is there any way to get updates on a false positive (I submitted this
>>> about a week or so ago), if it is or is not, I still find these. In my
>>> case they seem to be ok coming from the printer, but then a
>>> non-technical person opens and saves the file with a different name
>>> (rather than just rename it) which activates this particular exploit,
>>> which we've proven by going and grabbing directly from the printer and
>>> then having the client open and resave and send us both documents.
>>>
>>> We're in the type of business where it would open us up to a ton of
>>> liability if we were to white list, without knowing, have a site
>>> user download an infected file.
>>>
>>> Thanks, happy to do anything I can.
>>>
>>> Jeff
>>>
>> I too have submitted an FP report on this one, but haven't been advised
>> about it either. IMO it is as phony as a 3 dollar bill.
>
> also numerous hits on this rule on valid/harmless pdfs here - i have
> already reported the fp last week and disabled/whitelisted the rule due
> to customer complaints.
>
> why is cisco/clamav ignoring all the reports? is this part of the
> automated (signature) processing? ~10 days of waiting for a signature-
> fix is hard, the rule was published on:
>
> Nov 20, 2016, 3:18 PM
> Datefile: daily
> Version: 22573
> Publisher: Alain Zidouemba
> New Sigs: 1187
> Dropped Sigs: 0
> Ignored Sigs: 54
>
> kind regards
> max