I sent a note out on this yesterday with reference to most Mac OS X users who have /usr/php/install-pear-nozlib.phar on their hard drives, having already submitted the file as an FP. Since then there have been a couple of other Unix users report similar results and a promise to get back to us, but nothing yet.
Check the list archive for details. Whether it's of any consequence or not depends on what version of PHP you have. The CVE was reported back in January and concerned PHP 5.3.8 which was apparently patched with PHP 5.4.0, but that's all I can seem to find out. -Al- -- Al Varnell Mountain View, CA On 10/17/12 12:11 AM, "Steffen Ewert" wrote: > Hi, > > with the newest DB (updated 4hours ago) I get the following virus detection: > > /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz: > PHP.Exploit.CVE_2011_4153-2 FOUND > /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz: > PHP.Exploit.CVE_2011_4153-2 FOUND > > I assume this must be a wrong detection because both files wasn't changed > since I had downloaded it (my backup application calc's every night a checksum > of each file and only if the checksum differs the file will be backup again > and the last time of the backup of both files was the day I have downloaded > and stored the files). > > May be there are also other DokuWiki tgz files with this virus detection. I > have only stored this both dokuwiki tgz files on my disk. > > Any other there which can confirm this (hopefully) wrong virus detection with > the newest DB? _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
