Bytecode 184 went onto my system at 8:45 this morning. As of 9:05 I am
still getting BC_Exploit.CVE_2012_1847 rejections. I do not quarantine (I
reject) viruses, so I don't have a copy to send in.
Could this be a latency problem - could not all of the mimedefang.pl
daemons have picked up the new Bytecode? I have a minimum of 20 processes
running.
Thanks
David
--On Wednesday, May 23, 2012 11:38 AM -0400 Joel Esler
<jes...@sourcefire.com> wrote:
I assume you've ran freshclam since then. So, if so, then no.
Please send the file into us via the clamav.net FP reporter, and email us
back with the md5 and we'll take a look.
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
On May 23, 2012, at 11:18 AM, Matthias Egger wrote:
Hello
I have a Quarantained (amavisd-new) email with an Excel Attachment.
clamav thinks it matches against BC.Exploit.CVE_2012_1847
Sophos doesn't complain and when i send the excel file to virustotal. no
other virusscanner complains about that.
So is this the same problem we had on May 11th?
Best regards
Matthias
--
Matthias Egger
ETH Zurich
Department of Information Technology maeg...@ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1 Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich Fax +41 (0)44 632 11 95
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
___________________________________
David Alix
Information Systems and Computing
david.a...@isc.ucsb.edu
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml