[clamav-users] State of false-positive message evaluation for Img.Exploit.CVE_2017_3049-6268090-0
Andreas Rulle
andreas.rulle at itek.de
Fri May 7 19:43:56 UTC 2021
Hello Al, thank you for your quick and profound reply.
Yes, of course as the subject indicates a false positive report has been
issued on the clamav.net website. And a screenshot of the
clamav.net/reports/success page with the message "Report Submitted /
Thank you for your submission. Your submission has been sent to the
detection team for further review" has been documented internally.
Yes, of course, CVE_2017_3049 was/is serious. And the detection message
has our attention.
i) Well, stat says that the file was last modified in November 2020
on the system. Since then Clamav has scanned the file without a
detection message once a week.
ii) At 2021-05-07 07:45:18 UTC this week the other 57 anti virus
software programs have reported "Undetected" in the quoted virustotal
report.
iii) But this week clamav has reported the detection file on this file.
On our system and on virustotal.
Any help from you to clarify this issue is highly appreciated. If you
need further information please do not hesitate to ask for them. With
kind regards, Andreas
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210507/a273cbbd/attachment.htm>
More information about the clamav-users
mailing list