[clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

Mon, 10 Dec 2012 07:01:09 -0800 

Hello List
I have a zip file containing a .pptx file which ClamAV claims to be "BC.Exploit.CVE_2012_1885-1". But virustotal and virscan.org have no complain at all. 

https://www.virustotal.com/file/09c5de164928c88b6ee370677242a4d69a00a88ecbd044af656f17fc54665fea/analysis/1355131094/

http://r.virscan.org/report/45504bdcc2b03dc967c5fedc3e609c4c.html

Therefore i beleive it is a false positive. But:

http://www.clamav.net/lang/en/sendvirus/submit-fp

tells me:

------------------------------
Result:

This file is not detected by ClamAV. Please update your CVD database 
before reporting false-positives. If you are using third-party 
databases/unofficial signatures, please contact the author of the 
signature. We can only process false-positives generated by ClamAV 
Official signatures.



Please correct the above errors and retry. Thank you for helping the 
ClamAV project.

------------------------------

* ClamAV 0.97.6/15708/Mon Dec 10 04:27:19 2012


* bytecode.cvd: Clam AntiVirus database 07 Dec 2012 11-56 -0500, version 
203, gzipped
* daily.cvd:    Clam AntiVirus database 09 Dec 2012 22-27 -0500, version 
1570, gzipped
* main.cvd:     Clam AntiVirus database 11 Oct 2011 10-34 -0400, version 
54, gzipped



* Here some Debug Output
LibClamAV debug: Bytecode found virus: BC.Exploit.CVE_2012_1885-1
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: BC.Exploit.CVE_2012_1885-1 found in descriptor 4

LibClamAV debug: FP SIGNATURE: 
5f0acbdb343776f56a64efae302cb581:177664:BC.Exploit.CVE_2012_1885-1

LibClamAV debug: cli_magic_scandesc: returning 1  at line 2388

LibClamAV debug: FP SIGNATURE: 
c7054cb8e0d78fbb65929c5fbed889ab:22415087:BC.Exploit.CVE_2012_1885-1

LibClamAV debug: cli_magic_scandesc: returning 1  at line 2350

Can somebody tell me anything more?

Best regards
Matthias
--
Matthias Egger
ETH Zurich
Department of Information Technology          maeg...@ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1         Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich               Fax   +41 (0)44 632 11 95
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml






















					Reply via email to