[clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0
Alain Zidouemba
azidouemba at sourcefire.com
Thu Jun 21 17:12:11 UTC 2018
We actually got another FP report for the signature
Xml.Exploit.CVE_2018_4975-6545149-0 triggering on AutoCAD DWFx files. We
dropped Xml.Exploit.CVE_2018_4975-6545149-0 from the signature set earlier
today pending further investigation on how the signature could be
re-written to avoid FPs on these DWFx files.
- Alain
On Thu, Jun 21, 2018 at 12:27 PM, Brian Gawith <bgawith at btgrp.com> wrote:
> We use a replication platform that has ClamAV baked in so can't really use
> the standard whitelist procedures, or at least not that I am aware of.
> Anyway we are getting a bunch of our AutoCAD DWFx files that are being
> tagged for the virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure
> out exactly what the exploit is and what it does. If I can point to what
> exactly the exploit is I can go to Autodesk and see if they have a hotfix
> for the problem. Otherwise we are stuck. The real problem seems to be that
> once the file is tagged it strips out the redlines our team does and then
> when it syncs down to the remote servers they can't figure out what they
> are supposed to change.
>
> Any help with what that exploit is so that I can communicate it to the
> software manufacturer and find a solution would be greatly appreciated.
>
> Brian Gawith