Bill, The ClamAV alert for the test file you provided is not a false positive. It is actually a true positive.
- Alain On Fri, May 9, 2014 at 9:25 AM, Alain Zidouemba <azidoue...@sourcefire.com>wrote: > We are looking into it and will get back to you shortly. > > - Alain > > > On Fri, May 9, 2014 at 9:06 AM, Bill Bennert <b...@webreply.com> wrote: > >> The clamav false positive submission system will not accept my entry and >> says that it is not detected by ClamAV. This is not a virus, not >> malware, this is a PHP test file for the PHP source. The released >> version for my dist is 0.98.1 but the submission system said to use the >> latest version, so I compiled 0.98.3 and came up with the same results >> on the latest database. Now I'm posting here to hopefully get it into >> the false positive list upon confirmation. If this is not the right >> place to post it, please point me in the right direction. After a lot of >> searches I have been unable to find any other real reference to this >> issue. >> >> This is the test file in the PHP git repository. >> https://github.com/php/php-src/blob/master/ext/tidy/tests/bug54682.phpt >> >> Adding the -z flag to clamscan will make it visible. With no options >> clamscan sees the file as OK. >> >> $ clamscan -z /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt >> /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt: >> PHP.Exploit.CVE_2011_4153-3 FOUND >> >> ----------- SCAN SUMMARY ----------- >> Known viruses: 3358731 >> Engine version: 0.98.1 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 1 >> Data scanned: 0.00 MB >> Data read: 0.00 MB (ratio 0.00:1) >> Time: 10.410 sec (0 m 10 s) >> >> The only other possible record of this issue I was able to find is the >> following. No guarantee it's actually related, since the thread dies >> almost instantly with no resolution: >> http://www.gossamer-threads.com/lists/clamav/users/56288 >> >> Thank you for your help, >> -Bill >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> http://www.clamav.net/support/ml >> > > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
