[clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0

Christopher Marczewski cmarczewski at sourcefire.com
Mon Dec 20 20:34:15 UTC 2021


Hi Puneet,

Java.Malware.CVE_2021_44228-9915814-0 has been revised to
Java.Malware.CVE_2021_44228-9915814-2 (revision 2). Please ensure you're
using the latest daily CVD.

Signatures are targeting malware leveraging CVE-2021-44228, in addition to
targeting resulting payload Java classes.

On Mon, Dec 20, 2021 at 12:38 PM Puneet Bhootra via clamav-users <
clamav-users at lists.clamav.net> wrote:

> Hi
>
> Is there any update on whether this has been resolved? I see many
> signatures related to this CVE.
> Also, since this is an exploit/vulnerability, is ClamAV supposed to detect
> this considering it's a malware/virus detection tool.
>
> Regards
> Puneet
>
> On Fri, Dec 17, 2021 at 3:30 AM Micah Snyder (micasnyd) <
> micasnyd at cisco.com> wrote:
>
>> Hi Puneet,
>>
>> Thank you for submitting the FP reports through our web form.
>> Our malware research team is actively working on improving the signatures
>> related to CVE-2021-44228.
>>
>> Regards,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>> ------------------------------
>> *From:* clamav-users <clamav-users-bounces at lists.clamav.net> on behalf
>> of Puneet Bhootra via clamav-users <clamav-users at lists.clamav.net>
>> *Sent:* Thursday, December 16, 2021 11:32 AM
>> *To:* clamav-users at lists.clamav.net <clamav-users at lists.clamav.net>
>> *Cc:* Puneet Bhootra <pbhootra at salesforce.com>; Himanshu Kumar <
>> himanshukumar at salesforce.com>
>> *Subject:* Re: [clamav-users] Lot of false positives detected from
>> signature Java.Malware.CVE_2021_44228-9915814-0
>>
>>
>> Hi
>>
>> We are seeing a lot of false positives being generated from this signature.
>> Java.Malware.CVE_2021_44228-9915814-0
>> which has resulted in the quarantine of a lot of Java applications
>> running in our environments.
>>
>> It seems for this CVE there are other signatures as well which detect
>> this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601
>>
>> So, this one Java.Malware.CVE_2021_44228-9915814-0 is kind of redundant
>> and since it is generating a lot of false positives also, please remove
>> this from the daily.cld.
>>
>> I have also submitted a false positive report for the same.
>> Can someone please check and take appropriate action on this?
>>
>>
>


-- 
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
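As an added example (not part of this thread, and not ClamAV's own tooling), the following POSIX shell script does what the reply above asks for: it checks which revision of a signature the local daily database actually carries, using `sigtool`, and shows the `.ign2` whitelist mechanism for suppressing one specific signature revision locally until the corrected daily CVD has arrived. The database directory `/var/lib/clamav`, the whitelist file name `local.ign2` and the sample `--find-sigs` lines are assumptions constructed for this example; `sigtool --info`, `--datadir` and `--find-sigs` are standard ClamAV options.

```shell
#!/bin/sh
# Added example, not from the list thread: confirm which revision of a ClamAV
# signature the local daily database carries, and show the local-whitelist
# mechanism (.ign2) for a revision known to produce false positives.
# Paths and the whitelist file name below are assumptions for this example.

DBDIR="${DBDIR:-/var/lib/clamav}"      # assumed database directory
IGN2="${IGN2:-$DBDIR/local.ign2}"      # assumed name of the local whitelist

# Print the numeric revision suffix of a signature name ("...-9915814-2" -> 2).
sig_revision() {
    printf '%s\n' "${1##*-}"
}

# Read sigtool --find-sigs output on stdin (one "Name:..." or "Name;..." line
# per match) and print the highest revision found for the given base name,
# or "none" if the base name does not occur at all.
highest_revision() {
    base="$1"
    best=""
    while IFS= read -r line; do
        name="${line%%[:;]*}"          # signature name is everything before ':' or ';'
        case "$name" in
            "$base"-[0-9]*)
                rev="${name##*-}"
                if [ -z "$best" ] || [ "$rev" -gt "$best" ]; then
                    best="$rev"
                fi
                ;;
        esac
    done
    printf '%s\n' "${best:-none}"
}

# Append a signature name to an .ign2 file (one name per line); ClamAV skips
# every signature listed in *.ign2 files in its database directory.
# Idempotent: an already-present name is not written twice.
whitelist_signature() {
    sig="$1"; file="$2"
    if [ -f "$file" ] && grep -qxF "$sig" "$file"; then
        return 0
    fi
    printf '%s\n' "$sig" >> "$file"
}

# Live check against the installed database (needs the clamav tools).
check_live() {
    base="$1"
    command -v sigtool >/dev/null 2>&1 || { echo "sigtool not found" >&2; return 1; }
    db="$DBDIR/daily.cld"
    [ -f "$db" ] || db="$DBDIR/daily.cvd"
    echo "daily database version: $(sigtool --info="$db" | sed -n 's/^Version: *//p')"
    rev=$(sigtool --datadir="$DBDIR" --find-sigs="$base" | highest_revision "$base")
    echo "highest revision of $base present: $rev"
}

# Usage: sh check_sig.sh check Java.Malware.CVE_2021_44228-9915814
case "${1:-}" in
    check) check_live "$2" ;;
esac
```

Run it as `sh check_sig.sh check Java.Malware.CVE_2021_44228-9915814`: if the highest revision printed is below 2, `freshclam` has not yet delivered the revised daily database. If a false-positive revision must be silenced in the meantime, whitelist the exact name (`whitelist_signature Java.Malware.CVE_2021_44228-9915814-0 "$IGN2"`) rather than the whole family, reload clamd so the `.ign2` file is picked up, and delete the entry once the corrected revision is in place, so the detection of real CVE-2021-44228 payloads is not lost permanently.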