On Mon, Oct 22, 2012 at 4:35 AM, Christoph Mitasch <cmita...@thomas-krenn.com> wrote:

> Hello,
>
> I have had the same problem for a few days.
>
> When I try to submit it as a False Positive, it says it is not recognized by
> ClamAV.
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
>
> But on the command line it is definitely reported.
>
> host:~# tail -f /var/log/clamav/freshclam.log
> Mon Oct 22 10:14:32 2012 -> --------------------------------------
> Mon Oct 22 10:14:32 2012 -> freshclam daemon 0.97.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> Mon Oct 22 10:14:32 2012 -> ClamAV update process started at Mon Oct 22 10:14:32 2012
> Mon Oct 22 10:14:32 2012 -> WARNING: Your ClamAV installation is OUTDATED!
> Mon Oct 22 10:14:32 2012 -> WARNING: Local version: 0.97.5 Recommended version: 0.97.6
> Mon Oct 22 10:14:32 2012 -> DON'T PANIC! Read http://www.clamav.net/support/faq
> Mon Oct 22 10:14:32 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
> Mon Oct 22 10:14:32 2012 -> daily.cld is up to date (version: 15484, sigs: 277547, f-level: 63, builder: guitar)
> Mon Oct 22 10:14:32 2012 -> bytecode.cvd is up to date (version: 190, sigs: 36, f-level: 63, builder: neo)
> Mon Oct 22 10:14:34 2012 -> --------------------------------------
>
> host:~# clamscan /tmp/lsi.linux.s21134.071112.074730.tar.gz
> /tmp/lsi.linux.s21134.071112.074730.tar.gz: UNIX.Exploit.CVE_2010_3301 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 1316615
> Engine version: 0.97.5
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 25.85 MB
> Data read: 1.31 MB (ratio 19.70:1)
> Time: 6.309 sec (0 m 6 s)
>
> What do you recommend?
>
> Thank you,
> Christoph
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

As your clamscan output recommends, please update to version 0.97.6. The False Positive report page uses the latest available version to validate the file.

If it is rejecting the submission because it sees no detection, then the version difference must resolve the FP.

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com