It was an oversight on our end. Thank you for being persistent. The
offending bytecode has been dropped and the fixed code has been published.
On Thu, Dec 12, 2013 at 4:22 AM, Al Varnell <alvarn...@mac.com> wrote:
> On Wed, Dec 11, 2013 at 06:56 AM, Douglas Goddard wrote:
> > When was your last signature update? Could you run freshclam and then
> > rescan? That version of the bytecode signature has been dropped and
> should
> > no longer be alerting, the current version is BC.Exploit.CVE_2013_3906-3.
> > If that version is still alerting after an update then we will do some
> > deeper investigation.
>
> I don't see any reference to a "dash 3" version of this signature anywhere
> after several definition updates today. The only thing sigtool gives me is:
>
> > VIRUS NAME: BC.Exploit.CVE_2013_3906.{}
> > TDB: Engine:56-255,Target:0
> > LOGICAL EXPRESSION: (3|4|(0&(2|1)))
> > * SUBSIG ID 0
> > +-> OFFSET: 0
> > +-> DECODED SUBSIGNATURE:
> > ??ࡱ?
> > * SUBSIG ID 1
> > +-> OFFSET: ANY
> > +-> DECODED SUBSIGNATURE:
> > II*
> > * SUBSIG ID 2
> > +-> OFFSET: ANY
> > +-> DECODED SUBSIGNATURE:
> > MM*
> > * SUBSIG ID 3
> > +-> OFFSET: 0
> > +-> DECODED SUBSIGNATURE:
> > II*
> > * SUBSIG ID 4
> > +-> OFFSET: 0
> > +-> DECODED SUBSIGNATURE:
> > MM*
>
> and yes, I do understand that the actual signature has more too it than
> this.
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
