[clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

Al Varnell alvarnell at mac.com
Fri Sep 15 11:39:00 UTC 2017 

BC.Win.Exploit.CVE_2017_11241-6335400-2 was dropped in bytecode - 311, but not BC.Win.Exploit.CVE_2017_11244-6335828-0.

-Al-

On Fri, Sep 15, 2017 at 04:01 AM, Alain Zidouemba wrote:
> Dropped on Tuesday.
> 
> -Alain
> 
>> On Sep 15, 2017, at 1:45 AM, Al Varnell <alvarnell at mac.com <mailto:alvarnell at mac.com>> wrote:
>> 
>> Haven't seen any notification that it's been dropped yet.
>> 
>> -Al-
>> 
>>> On Wed, Sep 13, 2017 at 11:52 AM, Alain Zidouemba wrote:
>>> BC.Win.Exploit.CVE_2017_11244-6335828-0 has been dropped and will be
>>> modified to avoid the FPs you've reported.
>>> 
>>> Thanks,
>>> 
>>> - Alain
>>> 
>>> On Wed, Sep 13, 2017 at 1:13 PM, Kees Theunissen <C.J.Theunissen at differ.nl <mailto:C.J.Theunissen at differ.nl> <mailto:C.J.Theunissen at differ.nl <mailto:C.J.Theunissen at differ.nl>>>
>>> wrote:
>>> 
>>>>> On Wed, 13 Sep 2017, Kees Theunissen wrote:
>>>>> 
>>>>>> On Wed, 13 Sep 2017, lukn wrote:
>>>>>> 
>>>>>> Hello List
>>>>>> 
>>>>>> Same here, I do see FPs with
>>>>>> BC.Win.Exploit.CVE_2017_11244-6335828-0
>>>>>> hitting legitimate corporate files (so no submission possible from me
>>>>>> either).
>>>>> 
>>>>> We saw BC.Win.Exploit.CVE_2017_11244-6335828-0 hitting a *.docx
>>>>> attachment in an outbound e-mail from one of our users.
>>>>> That was probably a FP too.
>>>>> I didn't see the attachment myself so I'm not sure that it was
>>>>> a FP. I asked the user if the file was confidential and if I could
>>>>> get a copy of the file for inspection and submission of a FP-report.
>>>>> He didn't answer yet.
>>>> 
>>>> Update: he answered while I wrote the above message.
>>>> Unfortunately the file is a confidential research proposal so
>>>> I can't include it in a FP-report.
>>>> 
>>>> 
>>>> Regards,
>>>> 
>>>> Kees Theunissen.
>>>> 
>>>> --
>>>> Kees Theunissen,  System and network manager,   Tel: +31 (0)40-3334724
>>>> Dutch Institute For Fundamental Energy Research (DIFFER)
>>>> e-mail address:   C.J.Theunissen at differ.nl <mailto:C.J.Theunissen at differ.nl> <mailto:C.J.Theunissen at differ.nl <mailto:C.J.Theunissen at differ.nl>>
>>>> postal address:   PO Box 6336, 5600 HH, Eindhoven, the Netherlands
>>>> visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands
>>>> 
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net> <mailto:clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>>
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>
>>>> 
>>>> 
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>> 
>>>> http://www.clamav.net/contact.html#ml
>>>> 
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net> <mailto:clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>>
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> 
>> -Al-
>> --
>> Al Varnell
>> Mountain View, CA
>> 
>> 
>> 
>> 
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170915/e002e90a/attachment.bin>

More information about the clamav-users mailing list