Yes, I have submit the file many times. File name: omni.ja SHA256: 5e852b33f716fb6b81bc75d762372a105f04dcdab07a621eddb8507970dbd0b6
On Mon, 23 Oct 2017 23:48:26 -0700 Al Varnell <alvarn...@mac.com> wrote: > Did you submit a sample of it as a false positive report? If so please reply > with a hash value for the file you submitted. > > Sent from my iPhone > > -Al- > -- > Al Varnell > Mountain View, CA > > > On Oct 23, 2017, at 9:50 PM, Tsutomu Oyamada <oyam...@promark-inc.com> > > wrote: > > > > Hi, Joel. > > > > Thank you. > > The issue of false positive for Html.Exploit.CVE_2017_8750-6336209-0 has > > been solved, > > but the issue of Html.Exploit.CVE_2017_8757-6336185-0 has not been solved > > yet. > > > > Could you Drop this signature as well ? > > > > > > On Fri, 20 Oct 2017 14:47:24 +0000 > > "Joel Esler (jesler)" <jes...@cisco.com> wrote: > > > >> All ? > >> > >> This signature has been dropped. > >> > >> -- > >> Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> > >> > >> > >> > >> > >> > >> > >> On Oct 20, 2017, at 8:30 AM, Gene Heskett > >> <ghesk...@shentel.net<mailto:ghesk...@shentel.net>> wrote: > >> > >> On Friday 20 October 2017 02:06:38 Al Varnell wrote: > >> > >> I assume we are all still talking about > >> Html.Exploit.CVE_2017_8750-6336209-0? > >> > >> Gene, I believe your report was an omni.ja files infected with > >> Html.Exploit.CVE_2017_8757-6336185-0. > >> > >> Since it was the same file, I suppose I missed that the CVE had changed. > >> Anyway, its the above number I've been looking at every morning for a > >> couple weeks. I figured my previous msg was sufficient. My bad. > >> > >> They have both been dealt with locally by ClamXAV, but I've not seen > >> either listed as dropped by ClamAV yet. > >> > >> Different versions of Firefox on different platforms. > >> > >> -Al- > >> > >> On Thu, Oct 19, 2017 at 10:24 PM, Gene Heskett wrote: > >> On Friday 20 October 2017 00:24:20 Tsutomu Oyamada wrote: > >> Hi, > >> > >> The false positive for omni.ja is still ocurring. > >> I have been reported this many times, but it has not fixed yet. > >> > >> I have been troubled with this issue. > >> What am I supposed to do? > >> > >> I too have reported this, but nothing is being done. > >> > >> On Sat, 23 Sep 2017 09:53:30 -0400 > >> > >> Gene Heskett <ghesk...@shentel.net<mailto:ghesk...@shentel.net> > >> <mailto:ghesk...@shentel.net>> > >> wrote: > >> On Saturday 23 September 2017 03:59:17 Al Varnell wrote: > >> note correction in subject file location > >> > >> So here are the facts with regard to > >> Html.Exploit.CVE_2017_8750-6336209-0 (which is not the same as > >> previously reported in this thread). It was just added to the > >> database about fifteen hours ago in daily - 23863 and is looking > >> for two strings which you can observer by using the following > >> (I'm not posting it here so this e-mail won't be detected as > >> infected): > >> > >> sigtool -fHtml.Exploit.CVE_2017_8750-6336209-0|sigtool > >> --decode-sigs > >> > >> CVE-2017-8750 is described as > >> <https://nvd.nist.gov/vuln/detail/CVE-2017-8750 > >> <https://nvd.nist.gov/vuln/detail/CVE-2017-8750>>: "Internet > >> Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, > >> Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and > >> Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, > >> 1607, 1703, and Windows Server 2016 allow an attacker to execute > >> arbitrary code in the context of the current user due to the way > >> that Microsoft browsers access objects in memory, aka "Microsoft > >> Browser Memory Corruption Vulnerability"." > >> > >> so it's not a threat to your platform unless you are also running > >> Windows somehow. > >> > >> I've a bounty on windows here, nuke on encounter. > >> > >> My power just came back so I scanned my Firefox 55.0.3 for Mac > >> and it tested clean. Taking a look at the omni.ja file I see 109 > >> occurrences of the first string, but not the second. > >> > >> So at this point I'll just repeat my advise from before to submit > >> that file to <http://www.clamav.net/reports/fp > >> <http://www.clamav.net/reports/fp>> then return here and report a > >> hash value. > >> > >> Means to determine hash? I'll assume sha256sum here > >> > >> gene@coyote:~/firefox/browser$ sha256sum omni.ja > >> 2dafa74b0c099130313a9375d433f6d93fb8f672f1620e28221b6573ed0ae348 > >> omni.ja > >> > >> Thanks Al > >> > >> On Sat, Sep 23, 2017 at 12:12 AM, Gene Heskett wrote: > >> On Saturday 23 September 2017 02:32:48 Al Varnell wrote: > >> Power out here so cannot check. Was negative when I looked at > >> macOS version last week. > >> > >> What OS? > >> > >> 32 bit wheezy,on an AMD phenom, all up to date. uname -a > >> > >> 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.39-1+deb8u1~bpo70+1 > >> (2017-02-24) x86_64 GNU/Linux > >> > >> Thank you Al. > >> > >> Sent from my iPhone > >> > >> -Al- > >> > >> Cheers, Gene Heskett > >> > >> -Al- > >> > >> Cheers, Gene Heskett > >> -- > >> "There are four boxes to be used in defense of liberty: > >> soap, ballot, jury, and ammo. Please use in that order." > >> -Ed Howdershelt (Author) > >> Genes Web page <http://geneslinuxbox.net:6309/gene > >> <http://geneslinuxbox.net:6309/gene>> > >> _______________________________________________ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > >> <mailto:clamav-users@lists.clamav.net> > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > >> _______________________________________________ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > >> <mailto:clamav-users@lists.clamav.net> > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > >> Cheers, Gene Heskett > >> > >> -Al- > >> > >> > >> Cheers, Gene Heskett > >> -- > >> "There are four boxes to be used in defense of liberty: > >> soap, ballot, jury, and ammo. Please use in that order." > >> -Ed Howdershelt (Author) > >> Genes Web page <http://geneslinuxbox.net:6309/gene> > >> _______________________________________________ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > >> _______________________________________________ > >> clamav-users mailing list > >> clamav-users@lists.clamav.net > >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > >> > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > > > > > > _______________________________________________ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml