Hi

Is there any update on whether this has been resolved? I see many signatures related to this CVE.

Also, since this is an exploit/vulnerability, is ClamAV supposed to detect this considering its a malware/virus detection tool.

Regards

Puneet

On Fri, Dec 17, 2021 at 3:30 AM Micah Snyder (micasnyd) <micasnyd@cisco.com> wrote:

Hi Puneet,

Thank you for submitting the FP reports through our web form.

Our malware research team is actively working on improving the signatures related to CVE-2021-44228.

Regards,

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

---

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Puneet Bhootra via clamav-users <clamav-users@lists.clamav.net>
Sent: Thursday, December 16, 2021 11:32 AM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Puneet Bhootra <pbhootra@salesforce.com>; Himanshu Kumar <himanshukumar@salesforce.com>
Subject: Re: [clamav-users] Lot of false positives detected from signature Java.Malware.CVE_2021_44228-9915814-0

 

Hi

We are seeing lot of false positives being generated from this signature.

Java.Malware.CVE_2021_44228-9915814-0

which has resulted in the quarantine of a lot of java applications running in our environments.

It seems for this CVE there are other signatures as well which detects this - Exploit.CVE_2021_44228-9914600 and Exploit.CVE_2021_44228-9914601

So, this one Java.Malware.CVE_2021_44228-9915814-0 is kind of redundant and since it is generating a lot of false positives also, please remove this from the daily.cld.

I have also submitted a false positive report for the same.

Can someone please check and take appropriate action on this?

--

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml