Re: [clamav-users] swift.doc Doc.Dropper.Agent-1776597

2016-10-21 Thread Steven Morgan
The problem report for this issue is
https://bugzilla.clamav.net/show_bug.cgi?id=11651.

Steve

On Wed, Oct 19, 2016 at 5:29 PM, Joel Esler (jesler) wrote:

> Yup, that’s one of mine.  Glad to see my system is working ;)
>
> As far as why it didn’t work, I’ll have to defer this to Steve on the dev
> team.
>
> --
> Joel Esler | Talos: Manager| jes...@cisco.com
>
> On Oct 19, 2016, at 10:16 AM, Steve Basford wrote:
>
> On Wed, October 19, 2016 3:12 pm, Joel Esler (jesler) wrote:
> Heino,
>
> Can you clarify which sig caught it?
>
> Doc.Dropper.Agent-177659 is not an actual sig number.
>
> Damn cut and paste... it's: Doc.Dropper.Agent-1776597
> (a hash)
>
> --
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Re: [clamav-users] Html.Exploit.CVE_2016_3386-1 False Positives

2016-10-21 Thread Alain Zidouemba
Thanks for the FP report. The offending signature has been pulled.

- Alain

On Fri, Oct 21, 2016 at 4:16 AM, Al Varnell  wrote:

> Html.Exploit.CVE_2016_3386-1 added today by daily - 22400 is identifying
> the following Main.js files as infected. They are all WebKit components
> included with multiple versions of OS X/macOS associated with Apple Safari
> Browser applications.  All three have been uploaded to the ClamAV False
> Positive Report page.
>
> /System/Library/PrivateFrameworks/WebInspectorUI.framework/Versions/A/Resources/Main.js
> d67f310354f84d6aca4e6e2a1c95a1ff:2087182:Main.js
>
> /System/Library/StagedFrameworks/Safari/WebInspectorUI.framework/Versions/A/Resources/Main.js
> b570fcfd3e04e5ebca7e9869bc137138:2374974:Main.js
>
> /Applications/Safari Technology Preview.app/Contents/Frameworks/WebInspectorUI.framework/Versions/A/Resources/Main.js
> 7c7cfc310d19477ad642e8dc65fdfa45:2452877:Main.js
>
> -Al-
> --
> Al Varnell
> Mountain View, CA


[clamav-users] Html.Exploit.CVE_2016_3386-1 False Positives

2016-10-21 Thread Al Varnell
Html.Exploit.CVE_2016_3386-1 added today by daily - 22400 is identifying the 
following Main.js files as infected. They are all WebKit components included 
with multiple versions of OS X/macOS associated with Apple Safari Browser 
applications.  All three have been uploaded to the ClamAV False Positive Report 
page.

/System/Library/PrivateFrameworks/WebInspectorUI.framework/Versions/A/Resources/Main.js
d67f310354f84d6aca4e6e2a1c95a1ff:2087182:Main.js

/System/Library/StagedFrameworks/Safari/WebInspectorUI.framework/Versions/A/Resources/Main.js
b570fcfd3e04e5ebca7e9869bc137138:2374974:Main.js

/Applications/Safari Technology Preview.app/Contents/Frameworks/WebInspectorUI.framework/Versions/A/Resources/Main.js
7c7cfc310d19477ad642e8dc65fdfa45:2452877:Main.js


-Al-
-- 
Al Varnell
Mountain View, CA