Hi Puneet,

Thank you for submitting the FP reports through our web form.
Our malware research team is actively working on improving the signatures related to CVE-2021-44228.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Puneet Bhootra via clamav-users <clamav-users@lists.clamav.net>
Sent: Thursday, December 16, 2021 11:32 AM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Puneet Bhootra <pbhootra@salesforce.com>; Himanshu Kumar <himanshukumar@salesforce.com>
Subject: Re: [clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0
 
Hi

We are seeing lot of false positives being generated from this signature.
Java.Malware.CVE_2021_44228-9915814-0
which has resulted in the quarantine of a lot of java applications running in our environments.

It seems for this CVE there are other signatures as well which detects this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601

So, this one Java.Malware.CVE_2021_44228-9915814-0 is kind of redundant and since it is generating a lot of false positives also, please remove this from the daily.cld.

I have also submitted a false positive report for the same.
Can someone please check and take appropriate action on this?