We are looking into it and will get back to you shortly. - Alain
On Fri, May 9, 2014 at 9:06 AM, Bill Bennert <b...@webreply.com> wrote: > The clamav false positive submission system will not accept my entry and > says that it is not detected by ClamAV. This is not a virus, not > malware, this is a PHP test file for the PHP source. The released > version for my dist is 0.98.1 but the submission system said to use the > latest version, so I compiled 0.98.3 and came up with the same results > on the latest database. Now I'm posting here to hopefully get it into > the false positive list upon confirmation. If this is not the right > place to post it, please point me in the right direction. After a lot of > searches I have been unable to find any other real reference to this issue. > > This is the test file in the PHP git repository. > https://github.com/php/php-src/blob/master/ext/tidy/tests/bug54682.phpt > > Adding the -z flag to clamscan will make it visible. With no options > clamscan sees the file as OK. > > $ clamscan -z /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt > /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt: > PHP.Exploit.CVE_2011_4153-3 FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 3358731 > Engine version: 0.98.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.00 MB > Data read: 0.00 MB (ratio 0.00:1) > Time: 10.410 sec (0 m 10 s) > > The only other possible record of this issue I was able to find is the > following. No guarantee it's actually related, since the thread dies > almost instantly with no resolution: > http://www.gossamer-threads.com/lists/clamav/users/56288 > > Thank you for your help, > -Bill > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml