Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-12 Thread Matthias Egger
Hello Alain Am 12.12.2012 18:38, schrieb Alain Zidouemba: Matthias, What architecture are you running ClamAV on? x86/64, PowerPC, SPARC, etc..? SPARC (SunOS 5.10) Best regards Matthias -- Matthias Egger IT Support Gruppe D-ITET (ISG.EE) ETH Zürich, ETL F 24.1 Physikstrasse 3 8092 Zürich +41

Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-12 Thread Alain Zidouemba
Matthias, What architecture are you running ClamAV on? x86/64, PowerPC, SPARC, etc..? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-12 Thread Matthias Egger
Hi David On 10.12.2012 17:03, David Raynor wrote: So let's try the easiest one first: how big is the file? If you have raised it past the filescan max size, then default installations will skip it and report OK. Any suggestion what i could do about that? Best regards Matthias -- Matthias Egge

Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-11 Thread Matthias Egger
Hi David Thank you for the reply On 10.12.2012 17:03, David Raynor wrote: So let's try the easiest one first: how big is the file? If you have raised * The quarantined email is 21'503'810 Bytes. * The attached Zip File is 15'916'684 Bytes * and the extracted .pptx is 22'415'087 Bytes in size.

Re: [clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-10 Thread David Raynor
It is not the CVD files. The versions you list are the same versions as we have up to date [and the daily.cvd is 15708]. I'd wager there is some kind of non-default scan option that is changing the results. So let's try the easiest one first: how big is the file? If you have raised it past the fil

[clamav-users] False Positive for BC.Exploit.CVE_2012_1885-1

2012-12-10 Thread Matthias Egger
Hello List I have a zip file containing a .pptx file which ClamAV claims to be "BC.Exploit.CVE_2012_1885-1". But virustotal and virscan.org have no complain at all. https://www.virustotal.com/file/09c5de164928c88b6ee370677242a4d69a00a88ecbd044af656f17fc54665fea/analysis/1355131094/ http://r.