[clamav-users] Html.Exploit.CVE_2017_0141-6003839-0 FP's
Al Varnell
alvarnell at mac.com
Thu Mar 16 23:31:57 UTC 2017
Christopher,
Thanks for giving a hand. Several more reports this morning. ClamXav has added it to ClamXav.ign2.
Now I see there are reports concerning a different signature for the same CVE when accessing https://wordpress.org and Html.Exploit.CVE_2017_0141-6010301-0, which I can verify.
-Al-
On Thu, Mar 16, 2017 at 07:30 AM, Christopher Marczewski wrote:
>
> Al,
>
> Thanks for the report. In the interim, I'll pass that link along so we can
> get a fix in as soon as possible.
>
> On Wed, Mar 15, 2017 at 10:55 PM, Al Varnell wrote:
>> There have now been three ClamXav user reports of
>> Html.Exploit.CVE_2017_0141-6003839-0, most, if not all involving browser
>> caches while visiting several financial sites.
>>
>> Then I ran across these two reports on Reddit <https://www.reddit.com/r/
>> webdev/comments/5zis7p/infected_files_in_postman_resource_directory/>
>> involving a variety of different files and have encouraged them to submit
>> them as ClamAV False Positive.
>>
>> -Al-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170316/979a4a1b/attachment.bin>
More information about the clamav-users
mailing list