[clamav-users] FP Pdf.Exploit.CVE_2016_1091-2

Gene Heskett gheskett at shentel.net
Wed Nov 30 14:51:42 UTC 2016


On Wednesday 30 November 2016 05:29:42 Al Varnell wrote:

> Has anybody submitted a PDF yet? Normally, nothing can happen until
> they have at least one example. Once somebody has a sample they are
> allowed to submit, return here with a hash value of the submitted file
> so they can expedite processing.
>
> -Al-

I did, Al, how many more copies of it does it take?

> On Wed, Nov 30, 2016 at 02:26 AM, maxal wrote:
> > hi,
> >
> > On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote:
> >> On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote:
> >>> Is there any way to get updates on a false positive (i submitted
> >>> this about a week or so ago), if it is or is not, i still find
> >>> these. In my case they seem to be ok coming from the printer, but
> >>> then a non-technical person opens and saves the file with a
> >>> different name (rather than just rename it) which activates this
> >>> particular exploit, which we've proven by going and grabbing
> >>> directly from the printer and then having the client open and
> >>> resave and send us both documents.
> >>>
> >>> We're in the type of business where it would open us up to a ton
> >>> of liability if we were to white list, without knowing, have a
> >>> site user download an infected file.
> >>>
> >>> Thanks, happy to do anything i can.
> >>>
> >>> Jeff
> >>
> >> I too have submitted an FP report on this one, but haven't been
> >> advised about it either. IMO it is as phony as a 3 dollar bill.
> >
> > also numerous hits on this rule on valid/harmless pdfs here - i have
> > already reported the fp last week and disabled/whitelisted the rule
> > due to customer complaints.
> >
> > why is cisco/clamav ignoring all the reports? is this part of the
> > automated (signature) processing? ~10 days of waiting for a
> > signature-fix is hard, the rule was published on:
> >
> > Nov 20, 2016, 3:18 PM
> > Datefile: daily
> > Version: 22573
> > Publisher: Alain Zidouemba
> > New Sigs: 1187
> > Dropped Sigs: 0
> > Ignored Sigs: 54
> >
> > kind regards
> > max


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>


