[clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0
Puneet Bhootra
pbhootra at salesforce.com
Mon Dec 20 17:38:20 UTC 2021
Hi
Is there any update on whether this has been resolved? I see many
signatures related to this CVE.
Also, since this is an exploit/vulnerability, is ClamAV supposed to detect
this considering its a malware/virus detection tool.
Regards
Puneet
On Fri, Dec 17, 2021 at 3:30 AM Micah Snyder (micasnyd) <micasnyd at cisco.com>
wrote:
> Hi Puneet,
>
> Thank you for submitting the FP reports through our web form.
> Our malware research team is actively working on improving the signatures
> related to CVE-2021-44228.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of
> Puneet Bhootra via clamav-users <clamav-users at lists.clamav.net>
> *Sent:* Thursday, December 16, 2021 11:32 AM
> *To:* clamav-users at lists.clamav.net <clamav-users at lists.clamav.net>
> *Cc:* Puneet Bhootra <pbhootra at salesforce.com>; Himanshu Kumar <
> himanshukumar at salesforce.com>
> *Subject:* Re: [clamav-users] Lot of false positives detected from
> signature Java.Malware.CVE_2021_44228-9915814-0
>
>
> Hi
>
> We are seeing lot of false positives being generated from this signature.
> Java.Malware.CVE_2021_44228-9915814-0
> which has resulted in the quarantine of a lot of java applications running
> in our environments.
>
> It seems for this CVE there are other signatures as well which detects
> this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601
>
> So, this one Java.Malware.CVE_2021_44228-9915814-0 is kind of redundant
> and since it is generating a lot of false positives also, please remove
> this from the daily.cld.
>
> I have also submitted a false positive report for the same.
> Can someone please check and take appropriate action on this?
>
>
--
<https://smart.salesforce.com/sig/pbhootra//us_mb/default/link.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20211220/c0fd8e61/attachment.htm>
More information about the clamav-users
mailing list