[clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0

Al Varnell alvarnell at mac.com
Fri May 7 11:03:56 UTC 2021


One additional note. That signature has been in the ClamAV.ldb database since 19 Apr 2017 back when first defined, making it relatively unlikely to be a false positive at this point in time.

Also note from the CVE-2017-3049 detail <https://nvd.nist.gov/vuln/detail/CVE-2017-3049> that it was at the time considered to be a High threat to Adobe Acrobat Reader versions back then. I'm certain that Adobe has eliminated the threat by now in modern versions, but that doesn't render any exploit as a false positive since it could still be used to target users who still need to run those older applications for economic or other reasons.

-Al-

         

On May 7, 2021, at 00:59, Al Varnell <alvarnell at mac.com> wrote:
> Prof Rulle,
> 
> I believe you mean a false positive, don't you? A false negative would be a failure to report, but clearly ClamAV does detect this.
> 
> The proper way to report this would be to file a False Positive Report here: <https://www.clamav.net/reports/fp>. If you can also provide a hash value of the file in question back here, that might speed up the process. Simply verifying one of these hash values from the VirusTotal report will work:
> 
> MD5 04267b6af9a1bad85d5cd6aecb1e4d28
> SHA-1 cf7d73066f921fc7101c06aebc5e090cebffd2b2
> SHA-256 7563a2b175d3c48069960e0290ac08e3f379cd74307e44c995df52d5dc6fc002
> 
> -Al-
> ClamXAV User
> 
> On May 6, 2021, at 23:46, Andreas Rulle <andreas.rulle at itek.de> wrote:
>> Hi, thank you for your great service to internet security!
>> 
>> A false negative report has been issued this week for Img.Exploit.CVE_2017_3049-6268090-0, see also the VirusTotal report under [1].
>> 
>> The issue has to be handled under the General Data Protection Regulation (GDPR). Therefore I would politely like to ask for the evaluation state of that false negative report. 
>> 
>> Thanks in advance for your kind response.
>> 
>> [1] https://www.virustotal.com/gui/file/7563a2b175d3c48069960e0290ac08e3f379cd74307e44c995df52d5dc6fc002/detection
>> -- 
>> 
>> 
>> P.S. Subscribe to our newsletter on current topics in standardization and IT solutions in your industry!
>> https://www.itek.de/aktuelles/newsletter
>> 
>> 
>> ITEK Technologie GmbH
>> Technologiepark 14
>> 33100 Paderborn
>> 
>> Tel. +49 5251 / 16140
>> Fax +49 5251 / 161499
>> www.itek.de
>> mailto: Andreas Rulle at itek.de <mailto:Rulle at itek.de>
>> 
>> Managing Director: Prof. Dr. Uwe Kern
>> Registration court / number: Paderborn / HRB 13522
> 
