[clamav-users] CVE-2017-11241 - Synology DiskStation AV Essentials

Joel Esler (jesler) jesler at cisco.com
Wed Sep 13 12:43:20 UTC 2017


This was taken care of already.  Thanks!


--
Joel Esler | Talos: Manager | jesler at cisco.com






On Sep 12, 2017, at 3:36 PM, Judd Grayzel <judd_grayzel at yahoo.com> wrote:

The MD5 of the false positive file that I submitted to the website:
MD5 hash of file Standard Job1.xlsx:
eb 28 c5 01 b2 14 91 5a 70 31 59 92 56 9e f6 10

From: Joel Esler (jesler) <jesler at cisco.com>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Sent: Tuesday, September 12, 2017 5:55 AM
Subject: Re: [clamav-users] CVE-2017-11241 - Synology DiskStation AV Essentials

Depends on your operating system, but googling “how do I find the md5 of a file” for your OS should turn up plenty of results.

--
Joel Esler | Talos: Manager | jesler at cisco.com






On Sep 11, 2017, at 5:42 PM, Judd Grayzel <judd_grayzel at yahoo.com> wrote:

Where do I get the MD5 for the file?

Sent from my iPhone

On Sep 11, 2017, at 1:42 PM, Joel Esler (jesler) <jesler at cisco.com> wrote:

You want to submit some false positives to us via the website, follow up here with the md5s of the files you submit, and the malware team can take a look.

--
Joel Esler | Talos: Manager | jesler at cisco.com






On Sep 11, 2017, at 3:06 PM, Judd Grayzel <judd_grayzel at yahoo.com> wrote:

My Synology DiskStation running the Anti-Virus Essentials (ClamAV based engine) quarantined almost 1000 files for the CVE-2017-11241 vulnerability. This CVE references a problem with Adobe Acrobat, but the files that are being quarantined are Microsoft Excel files.
Do these files really have a virus of some sort, or is this a False/Positive situation?
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
