The clamav false positive submission system will not accept my entry and says that it is not detected by ClamAV. This is not a virus, not malware, this is a PHP test file for the PHP source. The released version for my dist is 0.98.1 but the submission system said to use the latest version, so I compiled 0.98.3 and came up with the same results on the latest database. Now I'm posting here to hopefully get it into the false positive list upon confirmation. If this is not the right place to post it, please point me in the right direction. After a lot of searches I have been unable to find any other real reference to this issue.
This is the test file in the PHP git repository. https://github.com/php/php-src/blob/master/ext/tidy/tests/bug54682.phpt Adding the -z flag to clamscan will make it visible. With no options clamscan sees the file as OK. $ clamscan -z /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt: PHP.Exploit.CVE_2011_4153-3 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 3358731 Engine version: 0.98.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 10.410 sec (0 m 10 s) The only other possible record of this issue I was able to find is the following. No guarantee it's actually related, since the thread dies almost instantly with no resolution: http://www.gossamer-threads.com/lists/clamav/users/56288 Thank you for your help, -Bill _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
