Re: [clamav-users] false positive on windows update

Mon, 11 Jun 2012 14:42:38 -0700 

Whoops I sent that email before I checked, lol, Ok the update appears
to have indeed solved the issue, now I gotta figure out why freshclam
isnt updating properly.

On Mon, 11 Jun 2012 16:56:46 -0400
Alain Zidouemba <azidoue...@sourcefire.com> wrote:

> Please update your signatures. This FP has been taken care of.
> 
> Thanks,
> 
> - Alain
> 
> On Mon, Jun 11, 2012 at 4:50 PM, bnichols <mrnicho...@gmail.com>
> wrote:
> 
> > /mnt/secondary/var/spool/squid3/00/0D/00000DC9: Trojan.Patched-247
> > FOUND downloaded from..
> >
> > http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/11154683.cab
> > Resolving www.download.windowsupdate.com... 8.27.241.126,
> > 8.27.242.126, 8.254.9.254
> >
> > A manual scan of the file shows this
> >
> > deviant:/home/devadmin# wget
> > http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/11154683.cab
> > --2012-06-11 12:10:44--
> > http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/11154683.cab
> > Resolving www.download.windowsupdate.com... 8.27.241.126,
> > 8.27.242.126, 8.254.9.254
> > Connecting to www.download.windowsupdate.com|8.27.241.126|:80...
> > connected.
> > HTTP request sent, awaiting response... 200 OK
> > Length: 8167633 (7.8M) [application/octet-stream]
> > Saving to: “11154683.cab”
> >
> > 100%[===================================================================================================================>]
> > 8,167,633    340K/s   in 23s
> >
> > 2012-06-11 12:11:08 (343 KB/s) - “11154683.cab” saved
> > [8167633/8167633]
> >
> > deviant:/home/devadmin# clamscan -i 11154683.cab
> > 11154683.cab: Trojan.Patched-247 FOUND
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 1256227
> > Engine version: 0.97.3
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 22.68 MB
> > Data read: 7.79 MB (ratio 2.91:1)
> > Time: 37.485 sec (0 m 37 s)
> >
> >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide: visit
> > http://wiki.clamav.net http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit
> http://wiki.clamav.net http://www.clamav.net/support/ml

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to