-----Original message-----
From: Ralf Hildebrandt <ralf.hildebra...@charite.de>
Sent: Wed 08-02-2012 00:16
Subject: [clamav-users] Cannot disable BC.Exploit.CVE_2011_3412 FP
To: clamav-users@lists.clamav.net;

> Hi!
>
> I'm trying to disable this signature, since it's giving me FPs for
> some XLS files (yes, I already submitted it as FP today):
>
> mail2:/var/lib/clamav# sigtool --find-sigs=BC.Exploit.CVE_2011_3412
> [0001114551.cbc BYTECODE]
> BC.Exploit.CVE_2011_3412.{CVE_2011_3412};Engine:56-255,Target:0;(0&1);0:d0cf11e0
> a1b11ae1;*:1c000404
>
> mail2:/var/lib/clamav# cat local.ign2
> BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
> BC.Exploit.CVE_2011_3412
> CVE_2011_3412
>
> (I tried 3 different ways of disabling the signature)
>
> I restarted clamd, but still the mails are stopped as infected:
>
> Tue Feb 7 13:33:09 2012 ->
> /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p004:
> BC.Exploit.CVE_2011_3412(6988ecb2df20c8d0a4f43ccdc4008136:1782277) FOUND
> Tue Feb 7 13:33:09 2012 ->
> /var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p002:
> BC.Exploit.CVE_2011_3412(39fd7b52d5cde9f8599267f1eb0c5aab:1317888) FOUND
>
> What am I doing wrong here? Running clamav 0.97.3

It's the same story here. We've had to switch off all bytecode rules in the conf file. Not ideal.

Cheers
Bill Maidment
IT Consultant to Elgas Ltd
Phone: 02 4294 3649