[clamav-users] CVE-2017-11241 - Synology DiskStation AV Essentials
lukn
lukn555 at gmail.com
Wed Sep 13 14:42:03 UTC 2017
Hello List
Same here, I do see FPs with
BC.Win.Exploit.CVE_2017_11244-6335828-0
hitting legitimate corporate files (so no submission possible from me
either).
md5sum of the affected file is
bf20323e1cea2c2c3fc26d09956dd906
(don't know if this is helpful without the actual file...)
On 13.09.2017 16:27, Leonardo Rodrigues wrote:
>
> I'm also getting some Excel files flagged by the same signature,
> Excel files that are supposed to be clean by other commercial antiviruses
>
> two files from my amavis quarantine folder scanned with actual
> signatures:
>
> [root at correio shm]# clamdscan -v virus-2017*
> /dev/shm/virus-20170912T100210-14568-04-oYAqsgllorwh:
> BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
> /dev/shm/virus-20170913T105721-11777-15-NJFMBYpgy4B5:
> BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
>
> signatures I'm running
>
> [root at correio shm]# freshclam
> ClamAV update process started at Wed Sep 13 11:27:06 2017
> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
> builder: sigmgr)
> daily.cvd is up to date (version: 23823, sigs: 1742928, f-level: 63,
> builder: neo)
> bytecode.cld is up to date (version: 311, sigs: 74, f-level: 63,
> builder: neo)
>
>
> Unfortunately these are corporate files and I cannot submit them for
> analysis :(
>
>
> On 11/09/17 16:06, Judd Grayzel wrote:
>> My Synology Diskstation running the Anti-Virus Essentials (ClamAV
>> based engine) quarantined almost 1000 files for the CVE-2017-11241
>> vulnerability. This CVE references a problem with Adobe Acrobat, but
>> the files that are being quarantined are Microsoft Excel files.
>> Do these files really have a virus of some sort, or is this a
>> False/Positive situation?
>