[clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0

Brian Gawith bgawith at btgrp.com
Thu Jun 21 17:21:19 UTC 2018


That may have been us as well. We sent in a report earlier this week but hadn't heard anything and were still having the issue, so I figured I would reach out and see if there was anything else I could do.

-Brian Gawith, I.T. Services Manager 

From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of Alain Zidouemba
Sent: Thursday, June 21, 2018 12:12 PM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0

We actually got another FP report for the signature Xml.Exploit.CVE_2018_4975-6545149-0 triggering on AutoCAD DWFx files. We dropped Xml.Exploit.CVE_2018_4975-6545149-0 from the signature set earlier today pending further investigation on how the signature could be re-written to avoid FPs on these DWFx files.

- Alain

On Thu, Jun 21, 2018 at 12:27 PM, Brian Gawith <bgawith at btgrp.com> wrote:
We use a replication platform that has ClamAV baked in, so can't really use the standard whitelist procedures, or at least not that I am aware of. Anyway, we are getting a bunch of our AutoCAD DWFx files that are being tagged for the virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure out exactly what the exploit is and what it does. If I can point to what exactly the exploit is, I can go to Autodesk and see if they have a hotfix for the problem. Otherwise we are stuck. The real problem seems to be that once the file is tagged, it strips out the redlines our team does, and then when it syncs down to the remote servers they can't figure out what they are supposed to change.

Any help with what that exploit is so that I can communicate it to the software manufacturer and find a solution would be greatly appreciated.

Brian Gawith 


