Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-15 Thread Alain Zidouemba
A new bytecode CVD will be out shortly to address this.

Thanks,

- Alain

On Fri, Sep 15, 2017 at 8:18 AM, Leonardo Rodrigues <leolis...@solutti.com.br> wrote:
>
> I have had ZERO matches on the CVE_2017_11241 signature on the last
> days. Had several hundreds (which I believe are all FPs) o

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-15 Thread Leonardo Rodrigues
I have had ZERO matches on the CVE_2017_11241 signature on the last days. Had several hundreds (which I believe are all FPs) on the CVE_2017_11244 which, to me, is still active.

Had to whitelist it (local.ign2) to get rid of the problem.

On 15/09/17 08:39, Al Varnell wrote:
BC.W

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-15 Thread Al Varnell
BC.Win.Exploit.CVE_2017_11241-6335400-2 was dropped in bytecode - 311, but not BC.Win.Exploit.CVE_2017_11244-6335828-0.

-Al-

On Fri, Sep 15, 2017 at 04:01 AM, Alain Zidouemba wrote:
> Dropped on Tuesday.
>
> -Alain
>
>> On Sep 15, 2017, at 1:45 AM, Al Varnell > > wrot

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-15 Thread Alain Zidouemba
Dropped on Tuesday.

-Alain

> On Sep 15, 2017, at 1:45 AM, Al Varnell wrote:
>
> Haven't seen any notification that it's been dropped yet.
>
> -Al-
>
>> On Wed, Sep 13, 2017 at 11:52 AM, Alain Zidouemba wrote:
>> BC.Win.Exploit.CVE_2017_11244-6335828-0 has been dropped and will be
>> modified to

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-14 Thread Al Varnell
Haven't seen any notification that it's been dropped yet.

-Al-

On Wed, Sep 13, 2017 at 11:52 AM, Alain Zidouemba wrote:
> BC.Win.Exploit.CVE_2017_11244-6335828-0 has been dropped and will be
> modified to avoid the FPs you've reported.
>
> Thanks,
>
> - Alain
>
> On Wed, Sep 13, 2017 at 1:13 P

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Alain Zidouemba
BC.Win.Exploit.CVE_2017_11244-6335828-0 has been dropped and will be modified to avoid the FPs you've reported.

Thanks,

- Alain

On Wed, Sep 13, 2017 at 1:13 PM, Kees Theunissen wrote:
> On Wed, 13 Sep 2017, Kees Theunissen wrote:
>
> >On Wed, 13 Sep 2017, lukn wrote:
> >
> >>Hello List
> >>
>

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Kees Theunissen
On Wed, 13 Sep 2017, Kees Theunissen wrote:

>On Wed, 13 Sep 2017, lukn wrote:
>
>>Hello List
>>
>>Same here, I do see FPs with
>>BC.Win.Exploit.CVE_2017_11244-6335828-0
>>hitting legitimate corporate files (so no submission possible from me
>>either).
>
>We saw BC.Win.Exploit.CVE_2017_11244-633582

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Kees Theunissen
On Wed, 13 Sep 2017, lukn wrote:

>Hello List
>
>Same here, I do see FPs with
>BC.Win.Exploit.CVE_2017_11244-6335828-0
>hitting legitimate corporate files (so no submission possible from me
>either).

We saw BC.Win.Exploit.CVE_2017_11244-6335828-0 hitting a *.docx attachment in an outbound e-mail f

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread lukn
Hello List

Same here, I do see FPs with BC.Win.Exploit.CVE_2017_11244-6335828-0 hitting legitimate corporate files (so no submission possible from me either).

md5sum of the affected file is bf20323e1cea2c2c3fc26d09956dd906 (don't know if this is helpful without the actual file...)

On 13.09.2017

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Leonardo Rodrigues
I'm also getting some Excel files flagged by the same signature, Excel files that are supposed to be clean by other commercial antiviruses.

Two files from my amavis quarantine folder scanned with actual signatures:

[root@correio shm]# clamdscan -v virus-2017*
/dev/shm/virus-20170912T

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-13 Thread Joel Esler (jesler)
ash of file Standard Job1.xlsx: eb 28 c5 01 b2 14 91 5a 70 31 59 92 56 9e f6 10

From: Joel Esler (jesler) <jes...@cisco.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Sent: Tuesday, September 12, 2017 5:55 AM
Subject: Re: [clamav-users] CVE-2017-11241 -

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-12 Thread Judd Grayzel
The MD5 of the false positive file that I submitted to the website:

MD5 hash of file Standard Job1.xlsx: eb 28 c5 01 b2 14 91 5a 70 31 59 92 56 9e f6 10

From: Joel Esler (jesler)
To: ClamAV users ML
Sent: Tuesday, September 12, 2017 5:55 AM
Subject: Re: [clamav-users] CVE-2017-11241

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-12 Thread Al Varnell
sigtool --md5 will do it.

-Al-

On Tue, Sep 12, 2017 at 04:55 AM, Joel Esler (jesler) wrote:
> Depends on your operating system, but googling “how do I find the md5 of a
> file” for your OS should turn up plenty of results.
>
> --
> Joel Esler | Talos: Manager | jes...@cisco.com
>

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-12 Thread Joel Esler (jesler)
Depends on your operating system, but googling “how do I find the md5 of a file” for your OS should turn up plenty of results.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Sep 11, 2017, at 5:42 PM, Judd Grayzel <judd_gray...@yahoo.com> wrote:

Where

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-11 Thread Judd Grayzel
Where do I get the MD5 for the file?

Sent from my iPhone

> On Sep 11, 2017, at 1:42 PM, Joel Esler (jesler) wrote:
>
> You want to submit some false positives to us via the website, follow up here
> with the md5s of the files you submit, the malware team can take a look.
>
> --
> Joel Esler |

Re: [clamav-users] CVE-2017-11241 - Synology DIskStation AV Essentials

2017-09-11 Thread Joel Esler (jesler)
You want to submit some false positives to us via the website, follow up here with the md5s of the files you submit, the malware team can take a look.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Sep 11, 2017, at 3:06 PM, Judd Grayzel mailto:judd_gray...@yah