On Wed, August 10, 2016 10:52 am, Jan-Pieter Cornet wrote:
> On 10-8-16 08:22, ANANT S ATHAVALE wrote:
>
>> Hi,
>>
>> Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is
>> this a false positive?
>
> Created a completely empty .doc file using LibreOffice on linux, and the
> resulting file was recognized as Win.Exploit.CVE_2016_3316-1.
>

If you have a sample could you throw me a copy, as I've created a few blank files on libreoffice and scanned with clamav and no hits.
Create a ticket and upload: http://sanesecurity.org/hesk/

If it is an fp, then I'd like to add this "blank" file to my ham folder so Sanesecurity sigs won't hit in the future either.

Cheers,

Steve
Web : sanesecurity.com
Twitter: @sanesecurity