Daily 15462 today contained the following: Submission-ID: 53018933 Sender: Anonymous Added: PHP.Exploit.CVE_2011_4153-2
A ClamXav user reported that a scan of his hard drive reported the following file to be infected: /usr/lib/php/install-pear-nozlib.phar This file appears to be a shell script to install the PHP Extension and Application Repository (PEAR) described by WikipediA @ <http://en.wikipedia.org/wiki/PEAR> and is also available @ <http://en.wikipedia.org/wiki/PEAR>. I've verified with several users now that this seems to have been part of every OS X distribution since version 10.6.x. I have submitted it as a False Positive earlier today and expect the signature team will resolve it shortly. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
