[clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Groach groachmail-help at yahoo.com
Thu May 30 07:08:09 UTC 2019


Yes.  It has since stopped reporting from Sunday.


On 29/05/2019 15:07, David Raynor wrote:
> Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that 
> was published on the morning of the 28th. If you got that version or 
> 25464 from this morning you should be fine.
>
> Dave R.
>
> On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users 
> <clamav-users at lists.clamav.net> wrote:
>
>     Since 25th May, my email system (according to this new signature)
>     is rife with a virus that didn't (and still doesn't) exist in these
>     historic emails. These emails (an extract of the scan results is
>     shown below) have PDFs in them but are without risk. Can we
>     drop this signature please?
>
>     Thanks
>
>
>     and several hundred more
>
>     _______________________________________________
>
>     clamav-users mailing list
>     clamav-users at lists.clamav.net
>     https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>     Help us build a comprehensive ClamAV guide:
>     https://github.com/vrtadmin/clamav-faq
>
>     http://www.clamav.net/contact.html#ml
>
>
>
> -- 
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> draynor at sourcefire.com
>
