Complete. I've dropped the signature. daily.cld updated (version: 19002, sigs: 957431, f-level: 63, builder: shurley)
After running a freshclam the sample should no longer alert.

Shaun

On Mon, May 19, 2014 at 3:27 PM, Shaun Hurley <shahu...@sourcefire.com> wrote:

> Thank you. I'll take a look at what the issue is.
>
> Shaun
>
>
> On Mon, May 19, 2014 at 2:02 PM, Al Varnell <alvarn...@mac.com> wrote:
>
>> On May 13, 2014, at 8:19 AM, Shaun Hurley <shahu...@sourcefire.com> wrote:
>>
>> > A ClamXav user complained of having a Google Chrome extension “WebGL
>> > Inspector” which he has used since 2012 was said to be infected with
>> > HTML.Exploit.Heap-2.
>> >
>> > I was able to obtain a later version of that extension and verified that
>> > the gli.all.js file in that extension scans as infected.
>> >
>> > I was not able to locate when this signature was added on the
>> > clamav-virusdb list.
>> >
>> > I was able to easily confirm that the file contains all elements of the
>> > signature (four ascii strings separated by “any strings” of varying length.
>> >
>> > I haven’t found any clues on what an actual infected file might be.
>> >
>> > I submitted it to VirusTotal where only ClamAV® detected it
>> > <https://www.virustotal.com/en/file/36fd57cce150c5e8ea26168823e84b19e109592c6586496b605306cbb482d982/analysis/1399908003/>
>> >
>> > I successfully uploaded to you using your "Submit a false positive" form.
>> > MD5 = 6968c0d2ad15e68b33bb30074ddbb7a6
>> >
>> >
>> > -Al-
>> > --
>> > Al Varnell
>> > Mountain View, CA
>> >
>> > -------------
>> > Al,
>> >
>> > Sorry, I didn't have the original email that was sent to the list. After
>> > further analysis, I've modified the signature so that it shouldn't generate
>> > as many false positives.
>> >
>> > Thank you,
>> > Shaun Hurley
>>
>> Here’s another one that doesn’t seem to have been deployed. I’m still
>> getting an FP on the file I submitted and I don’t see any obvious changes
>> to the signature.
>>
>> -Al-
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
>>