There seems to be some problem with the system that drops signatures over the last three days. daily - 21954 thru 21971 appeared to be identical attempts to ignore 33 signatures and 21972 was the first to also include any new signatures.
The ClamAV Virus Database Search site confirms what you found: <http://clamav-du.securesites.net/cgi-bin/clamgrok?virus=Xml.Exploit.CVE_2013_3860-1&search-type=contains&case-sensitivity=No&database=daily&database=main&display=database&display=virus&.submit=Submit&.cgifields=database&.cgifields=search-type&.cgifields=case-sensitivity&.cgifields=display> -Al- > I checked few minutes ago but it is still present also with the new > definitions updated! > > --- cut here --- > # freshclam > ClamAV update process started at Tue Jul 26 09:42:49 2016 > WARNING: Your ClamAV installation is OUTDATED! > WARNING: Local version: 0.99 Recommended version: 0.99.2 > DON'T PANIC! Read http://www.clamav.net/support/faq > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > > Downloading daily-21972.cdiff [100%] > daily.cld updated (version: 21972, sigs: 454200, f-level: 63, builder: neo) > > bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo) > Database updated (4673043 signatures) from db.it.clamav.net (IP: > 90.147.160.69) > .... > > # clamscan /usr/share/doc/libxml2-python-2.7.6/reader2.py > /usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 > FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 4667645 > Engine version: 0.99 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.01 MB > Data read: 0.00 MB (ratio 2.00:1) > Time: 14.303 sec (0 m 14 s) > [root@prdfeec01 clamav]# > --- cut here --- > > Vahid > > -----Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf > Of Alain Zidouemba > Sent: lunedì 25 luglio 2016 17:13 > To: ClamAV users ML > Subject: Re: [clamav-users] CVE_2013_3860-1 > > Xml.Exploit.CVE_2013_3860-1 has been dropped. > > Thanks, > > - Alain > > On Sun, Jul 24, 2016 at 11:51 AM, Al Varnell <alvarn...@mac.com> wrote: > >> There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: >> 20352 on Apr 20, 2015 which was found to be producing FP’s and was >> removed by daily: 20358. >> >> The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - >> 21939 on Jul 20, 2016 and I know of one ClamXav user reporting what he >> believes to be an FP, but waiting on details. Not sure whether the >> two signatures are the same or not. >> >> -Al- >> >> On Jul 24, 2016, at 7:14 AM, c chupela <cnctem...@yahoo.com> wrote: >> >>> My Clamav installation, engine version .99, signature daily.cld >>> updated >> (version: 21959, sigs: 454048, f-level: 63, builder: neo)bytecode.cld >> is up to date (version: 283, sigs: 53, f-level: 63, builder: neo) >>> >>> flagging /usr/share/doc/libxml2-python-2.7.6/reader2.py: >> Xml.Exploit.CVE_2013_3860-1 >>> >>> I see some discussion online that alludes to this being a false >> positive, is this the case? >>> Thanks >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
