When was your last signature update? Could you run freshclam and then rescan? That version of the bytecode signature has been dropped and should no longer be alerting, the current version is BC.Exploit.CVE_2013_3906-3. If that version is still alerting after an update then we will do some deeper investigation.
On Wed, Dec 11, 2013 at 6:12 AM, Al Varnell <alvarn...@mac.com> wrote: > > On Wed, Dec 11, 2013 at 02:19 AM, Andrew Carter wrote: > > I have submitted a file several times (email and Excel attachment) to be > corrected at http://www.clamav.net/lang/en/sendvirus/submit-fp/ however > this is still being marked as a virus. In testing it against other scanners > Clam is the only one picking it up as a virus. > > They will need the MD5 hash value of the file in order to easily find it > in their database. > > What other scanners did you try? It was apparently reported first by > McAfee labs > < > http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 > >. > > Did you submit it to virustotal.com? > > > -Al- > -- > Al Varnell > Mountain View, CA > > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
