[clamav-users] Html.Exploit.CVE_2016_7190-1 WordPress False Positives

Al Varnell alvarnell at mac.com
Sun Oct 23 02:00:31 EDT 2016


Have received a couple of reports of multiple WordPress site infected with Html.Exploit.CVE_2016_7190-1 over the past two days, which was added by daily - 22400 on 10/20/2016.

Also found in the OS X WordPress.com App which I downloaded from <https://apps.wordpress.com/d/osx/>. I uploaded the app to your False Positive Reports as a .zip and believe the MD5 to be f06bece19d803bc2c1159b170aa8b499.

Actual component being identified as infected is WordPress.com.app/Contents/Resources/app/calypso/public/build.js with MD5 of 93dc9d8104d7c341012844f7e43a097e. VirusTotal shows ClamAV as the only scanner detecting it 
<https://www.virustotal.com/en/file/95002a20edb8b02a3a7384bf022cfdc61cdd60bb5e41d831a22f673ab734e9de/analysis/1477201776/>


-Al-
-- 
Al Varnell
Mountain View, CA




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3573 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20161022/c11dee30/attachment.bin>


More information about the clamav-users mailing list