[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives
David Raynor
draynor at sourcefire.com
Wed May 29 14:07:23 UTC 2019
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.
Dave R.
On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users at lists.clamav.net> wrote:
> Since 25th May, my email system (according to this new signature) is rife
> with a virus that didn't (and still doesn't) exist in these historic
> emails. These emails (an extract of the scan results is shown below) have
> PDFs in them but are without risk. Can we drop this signature please?
>
> Thanks
>
>
> D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
>
> and several hundred more
>
--
---
Dave Raynor
Talos Security Intelligence and Research Group
draynor at sourcefire.com
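
Added example, not part of the original messages or of ClamAV: a Python triage of saved scan output against the reply above, which checks that the local daily database is at or past 25463 and lists the files flagged only by the dropped signature so they can be rescanned. The function names and the sample banner and log lines are constructed for illustration; it assumes the "ClamAV <engine>/<daily>/<date>" banner printed by clamscan --version and the "<path>: <signature> FOUND" result format shown in the thread.

```python
import re
RETIRED_SIG = "Win.Exploit.CVE_2019_0758-6968262-1"  # signature named in the thread
FIXED_DAILY = 25463  # daily version in which it was dropped, per the reply

# `clamscan --version` prints "ClamAV <engine>/<daily>/<build date>".
BANNER_RE = re.compile(r"^ClamAV\s+[^/\s]+/(\d+)/")
# A hit reads "<path>: <signature> FOUND"; Windows paths contain ':' as well.
HIT_RE = re.compile(r"^(?P<path>.+?):\s+(?P<sig>\S+) FOUND$")

def daily_version(banner):
    """Return the daily database number from the version banner, or None."""
    m = BANNER_RE.match(banner.strip())
    return int(m.group(1)) if m else None

def unwrap(lines):
    """Rejoin hits that were wrapped after the 'path:' half, as in the thread."""
    pending = ""
    for raw in lines:
        line = (pending + " " + raw.strip()).strip()
        pending = ""
        if line.endswith(":"):
            pending = line
        elif line:
            yield line

def triage(banner, scan_lines):
    """Split flagged files into rescan candidates and hits to keep quarantined."""
    sigs_by_path = {}
    for line in unwrap(scan_lines):
        m = HIT_RE.match(line)
        if m:
            sigs_by_path.setdefault(m["path"], set()).add(m["sig"])
    version = daily_version(banner)
    return {
        "daily": version,
        "db_current": version is not None and version >= FIXED_DAILY,
        "rescan": sorted(p for p, s in sigs_by_path.items() if s == {RETIRED_SIG}),
        "keep": sorted(p for p, s in sigs_by_path.items() if s != {RETIRED_SIG}),
    }

# Constructed sample input (not taken from the thread).
SAMPLE_BANNER = "ClamAV 0.101.2/25464/Wed May 29 09:00:00 2019"
SAMPLE_LOG = [
    r"D:\mail\a\{AAAA}.eml:",
    "Win.Exploit.CVE_2019_0758-6968262-1 FOUND",
    r"D:\mail\b\{BBBB}.eml: Win.Exploit.CVE_2019_0758-6968262-1 FOUND",
    r"D:\mail\c\{CCCC}.eml: Win.Test.EICAR_HDB-1 FOUND",
    r"D:\mail\d\{DDDD}.eml: OK",
]
```

Files under "keep" matched some other signature and should stay quarantined; files under "rescan" are only worth releasing after a rescan with the updated database comes back clean.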