Hi David, thanks for the response. With todays antivirus definitions it isn't detected anymore.
Regards, Christoph ----- Ursprüngliche Mail ----- > Von: "David Raynor" <dray...@sourcefire.com> > An: "ClamAV users ML" <clamav-users@lists.clamav.net> > Gesendet: Montag, 22. Oktober 2012 17:56:21 > Betreff: Re: [clamav-users] [Clamav-users] Clamscan detected a > UNIX.Exploit.CVE_2010_3301 > > On Mon, Oct 22, 2012 at 4:35 AM, Christoph Mitasch < > cmita...@thomas-krenn.com> wrote: > > > Hello, > > > > I have the same problem since a few days. > > > > When I try to submit it as False Positive, it says it is not > > recognized by > > ClamAV. > > http://www.clamav.net/lang/en/sendvirus/submit-fp/ > > > > But on the commandline it is definitely reported. > > > > host:~# tail -f /var/log/clamav/freshclam.log > > Mon Oct 22 10:14:32 2012 -> -------------------------------------- > > Mon Oct 22 10:14:32 2012 -> freshclam daemon 0.97.5 (OS: linux-gnu, > > ARCH: > > x86_64, CPU: x86_64) > > Mon Oct 22 10:14:32 2012 -> ClamAV update process started at Mon > > Oct 22 > > 10:14:32 2012 > > Mon Oct 22 10:14:32 2012 -> WARNING: Your ClamAV installation is > > OUTDATED! > > Mon Oct 22 10:14:32 2012 -> WARNING: Local version: 0.97.5 > > Recommended > > version: 0.97.6 > > Mon Oct 22 10:14:32 2012 -> DON'T PANIC! Read > > http://www.clamav.net/support/faq > > Mon Oct 22 10:14:32 2012 -> main.cvd is up to date (version: 54, > > sigs: > > 1044387, f-level: 60, builder: sven) > > Mon Oct 22 10:14:32 2012 -> daily.cld is up to date (version: > > 15484, sigs: > > 277547, f-level: 63, builder: guitar) > > Mon Oct 22 10:14:32 2012 -> bytecode.cvd is up to date (version: > > 190, > > sigs: 36, f-level: 63, builder: neo) > > Mon Oct 22 10:14:34 2012 -> -------------------------------------- > > > > host:~# clamscan /tmp/lsi.linux.s21134.071112.074730.tar.gz > > /tmp/lsi.linux.s21134.071112.074730.tar.gz: > > UNIX.Exploit.CVE_2010_3301 > > FOUND > > > > ----------- SCAN SUMMARY ----------- > > Known viruses: 1316615 > > Engine version: 0.97.5 > > Scanned directories: 0 > > Scanned files: 1 > > Infected files: 1 > > Data scanned: 25.85 MB > > Data read: 1.31 MB (ratio 19.70:1) > > Time: 6.309 sec (0 m 6 s) > > > > What do you recommend? > > > > Thank you, > > Christoph > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: visit > > http://wiki.clamav.net > > http://www.clamav.net/support/ml > > > > As your clamscan output recommends, please update to version 0.97.6. > The > False Positive report page uses the latest available version to > validate > the file. If it is rejecting the submission because it sees no > detection, > then the version difference must resolve the FP. > > Dave R. > > -- > --- > Dave Raynor > Sourcefire Vulnerability Research Team > dray...@sourcefire.com > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
