[clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0
Micah Snyder (micasnyd)
micasnyd at cisco.com
Thu Dec 16 22:00:06 UTC 2021
Hi Puneet,
Thank you for submitting the FP reports through our web form.
Our malware research team is actively working on improving the signatures related to CVE-2021-44228.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Puneet Bhootra via clamav-users <clamav-users at lists.clamav.net>
Sent: Thursday, December 16, 2021 11:32 AM
To: clamav-users at lists.clamav.net <clamav-users at lists.clamav.net>
Cc: Puneet Bhootra <pbhootra at salesforce.com>; Himanshu Kumar <himanshukumar at salesforce.com>
Subject: Re: [clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0
Hi
We are seeing lot of false positives being generated from this signature.
Java.Malware.CVE_2021_44228-9915814-0
which has resulted in the quarantine of a lot of java applications running in our environments.
It seems for this CVE there are other signatures as well which detects this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601
So, this one Java.Malware.CVE_2021_44228-9915814-0 is kind of redundant and since it is generating a lot of false positives also, please remove this from the daily.cld.
I have also submitted a false positive report for the same.
Can someone please check and take appropriate action on this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20211216/67bd4f99/attachment.htm>
More information about the clamav-users
mailing list