I'm also getting some excel files flagged by the same signature,
excel files that are supposed to be clean by other commercial antiviruses
two files from my amavis quarantine folder scanned with actual
signatures:
[root@correio shm]# clamdscan -v virus-2017*
/dev/shm/virus-20170912T100210-14568-04-oYAqsgllorwh:
BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
/dev/shm/virus-20170913T105721-11777-15-NJFMBYpgy4B5:
BC.Win.Exploit.CVE_2017_11244-6335828-0 FOUND
signatures i'm running
[root@correio shm]# freshclam
ClamAV update process started at Wed Sep 13 11:27:06 2017
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
daily.cvd is up to date (version: 23823, sigs: 1742928, f-level: 63,
builder: neo)
bytecode.cld is up to date (version: 311, sigs: 74, f-level: 63,
builder: neo)
unfortunelly these are corporate files and i cannot submit them for
analysis :(
Em 11/09/17 16:06, Judd Grayzel escreveu:
My Synology Diskstation running the Anti-Virus Essentials (ClamAV based engine)
quarantined almost 1000 files for the CVE-2017-11241 vulnerability. This CVE
references a problem with Adobe Acrobat, but the files that are being
quarantined are Microsoft Excel fIles.
Do these files really have a virus of some sort, or is this a False/Positive
situation?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml