Hello List
I have a zip file containing a .pptx file which ClamAV claims to be
"BC.Exploit.CVE_2012_1885-1". But virustotal and virscan.org have no
complaints at all.
https://www.virustotal.com/file/09c5de164928c88b6ee370677242a4d69a00a88ecbd044af656f17fc54665fea/analysis/1355131094/
http://r.virscan.org/report/45504bdcc2b03dc967c5fedc3e609c4c.html
Therefore I believe it is a false positive. But:
http://www.clamav.net/lang/en/sendvirus/submit-fp
tells me:
------------------------------
Result:
This file is not detected by ClamAV. Please update your CVD database
before reporting false-positives. If you are using third-party
databases/unofficial signatures, please contact the author of the
signature. We can only process false-positives generated by ClamAV
Official signatures.
Please correct the above errors and retry. Thank you for helping the
ClamAV project.
------------------------------
* ClamAV 0.97.6/15708/Mon Dec 10 04:27:19 2012
* bytecode.cvd: Clam AntiVirus database 07 Dec 2012 11-56 -0500, version 203, gzipped
* daily.cvd: Clam AntiVirus database 09 Dec 2012 22-27 -0500, version 1570, gzipped
* main.cvd: Clam AntiVirus database 11 Oct 2011 10-34 -0400, version 54, gzipped
* Here is some debug output
LibClamAV debug: Bytecode found virus: BC.Exploit.CVE_2012_1885-1
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: BC.Exploit.CVE_2012_1885-1 found in descriptor 4
LibClamAV debug: FP SIGNATURE: 5f0acbdb343776f56a64efae302cb581:177664:BC.Exploit.CVE_2012_1885-1
LibClamAV debug: cli_magic_scandesc: returning 1 at line 2388
LibClamAV debug: FP SIGNATURE: c7054cb8e0d78fbb65929c5fbed889ab:22415087:BC.Exploit.CVE_2012_1885-1
LibClamAV debug: cli_magic_scandesc: returning 1 at line 2350
Can somebody tell me anything more?
Best regards
Matthias
--
Matthias Egger
ETH Zurich
Department of Information Technology and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1
Physikstrasse 3, CH-8092 Zurich
maeg...@ee.ethz.ch
Phone +41 (0)44 632 03 90
Fax +41 (0)44 632 11 95