[clamav-users] Html.Exploit.CVE_2016_7190-1 WordPress False Positives

Alain Zidouemba azidouemba at sourcefire.com
Sun Oct 23 08:19:05 EDT 2016


Thanks Al.

The signature has been removed.

- Alain

On Sun, Oct 23, 2016 at 2:00 AM, Al Varnell <alvarnell at mac.com> wrote:

> Have received a couple of reports of multiple WordPress sites infected with
> Html.Exploit.CVE_2016_7190-1 over the past two days, which was added by
> daily - 22400 on 10/20/2016.
>
> Also found in the OS X WordPress.com App which I downloaded from
> <https://apps.wordpress.com/d/osx/>. I uploaded the app to your False
> Positive Reports as a .zip and believe the MD5 to be
> f06bece19d803bc2c1159b170aa8b499.
>
> Actual component being identified as infected is
> WordPress.com.app/Contents/Resources/app/calypso/public/build.js with MD5
> of 93dc9d8104d7c341012844f7e43a097e. VirusTotal shows ClamAV as the only
> scanner detecting it
> <https://www.virustotal.com/en/file/95002a20edb8b02a3a7384bf022cfdc61cdd60bb5e41d831a22f673ab734e9de/analysis/1477201776/>
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA