Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Groach via clamav-users Fri, 31 May 2019 06:52:04 -0700

Yes.  It has since stopped reporting from Sunday.


On 29/05/2019 15:07, David Raynor wrote:

Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 thatwas published on the morning of the 28th. If you got that version or25464 from this morning you should be fine.


Dave R.

On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users<clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>>wrote:


    Since 25th May, my email system (according to this new signature)
    is rife with a virus that didnt (and still doesnt) exist in these
    historic emails.?? These emails (an extract of the scan results is
    shown below) have PDF's in them but are without risk.?? Can we
    drop this signature please?

    Thanks


    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND
    D:\Datastore\hMailData\mydomain.net
    <http://mydomain.net>\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
    Win.Exploit.CVE_2019_0758-6968262-1 FOUND

    and several hundred more

    _______________________________________________

    clamav-users mailing list
    clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
    https://lists.clamav.net/mailman/listinfo/clamav-users


    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq

    http://www.clamav.net/contact.html#ml



--
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com <mailto:dray...@sourcefire.com>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives

Reply via email to