Unsubscribe




> On 24 Jan 2017, at 14:42, Alain Zidouemba <azidoue...@sourcefire.com> wrote:
> 
> Thanks Mark. We're taking a look at this now.
> 
> - Alain
> 
> On Tue, Jan 24, 2017 at 5:53 AM, Mark Allan <markjal...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I've received a few reports of FPs with the signature
>> Java.Exploit.CVE_2012_1723-8. I can't upload a sample because, of all
>> places, it's being detected in the scan log which could contain sensitive
>> information.
>> 
>> Apart from the fact that it's very generic, looking only for a single
>> short string, I see it's also looking for the "ANY FILE" type (0).  I've
>> seen this a number of times with FPs lately, why are java sigs written to
>> detect filetype 0 rather than type 12 which is specifically for Java
>> Classes?
>> 
>>        VIRUS NAME: Java.Exploit.CVE_2012_1723-8
>>        TARGET TYPE: ANY FILE
>>        OFFSET: *
>>        DECODED SIGNATURE:
>>        msf_/_x_/_PayloadX.class
>> 
>> Cheers
>> Mark
>> 
>> PS. I padded the decoded signature with underscores to avoid this email
>> being detected as infected.
>> 
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 


Sergio Fernandez
Technical Consultant
Albion Computers Plc
112 Strand
London
WC2R 0AG
Tel: 0207 212 9060
Fax: 0207 240 6785
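
The target-type question in Mark Allan's quoted message, as an added example that is not part of the thread and not ClamAV code: a simplified Python model of a content signature written with target type 0 versus type 12, run against a constructed scan-log line and a constructed class-like blob. The signature names, sample inputs and the toy file-typing function are assumptions; the pattern is the underscore-padded string from the email.

```python
# Simplified model of target-type gating for content signatures; not ClamAV's engine.
from dataclasses import dataclass

TARGET_ANY, TARGET_JAVA = 0, 12         # type numbers as quoted in the thread
JAVA_MAGIC = bytes.fromhex("cafebabe")  # magic number that starts a Java class file

@dataclass
class Sig:
    name: str
    target: int
    offset: str
    pattern: bytes

def parse_ndb(line: str) -> Sig:
    """Parse an extended-signature line: Name:TargetType:Offset:HexSignature."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return Sig(name, int(target), offset, bytes.fromhex(hexsig))

def file_target(data: bytes) -> int:
    """Toy file typing (assumption): Java class by magic, everything else generic."""
    return TARGET_JAVA if data.startswith(JAVA_MAGIC) else TARGET_ANY

def matches(sig: Sig, data: bytes) -> bool:
    """Type-0 signatures run on every file; typed ones only on files of that type."""
    if sig.target != TARGET_ANY and sig.target != file_target(data):
        return False
    if sig.offset != "*":               # this model handles only the "any offset" case
        return False
    return sig.pattern in data

# Constructed inputs. PADDED is the underscore-padded string from the email,
# so this file itself does not contain the live pattern.
PADDED = b"msf_/_x_/_PayloadX.class"
SIG_ANY = parse_ndb(f"Example.Padded-Any:0:*:{PADDED.hex()}")
SIG_JAVA = parse_ndb(f"Example.Padded-Java:12:*:{PADDED.hex()}")
SCAN_LOG = b"/tmp/sample.jar!" + PADDED + b": hypothetical log entry\n"
CLASS_BLOB = JAVA_MAGIC + b"\x00\x00\x00\x34" + PADDED  # class-like bytes, not a valid class

def demo() -> dict:
    """Match both signature variants against the log text and the class-like blob."""
    return {
        "any_on_log": matches(SIG_ANY, SCAN_LOG),
        "java_on_log": matches(SIG_JAVA, SCAN_LOG),
        "any_on_class": matches(SIG_ANY, CLASS_BLOB),
        "java_on_class": matches(SIG_JAVA, CLASS_BLOB),
    }

if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {hit}")
```

Only the type-0 variant fires on the plain-text log, which is the false positive described in the report; both variants still match the class-like blob.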
