Thanks Douglas. Please can you suggest about the errors about decompressing the file.
============ Thanks, Manoj Chitrala -- Manoj Chitrala Unix Administrator & Postmaster Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | Mobile: +44 7971 312075 -----Original Message----- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Douglas Goddard Sent: 19 August 2014 14:30 To: ClamAV users ML Subject: Re: [clamav-users] False Positive & File Decompression errors Confirmed the false positive. The signature should be dropped by the end of the day. On Tue, Aug 19, 2014 at 5:34 AM, Manoj Chitrala <mchitr...@researchnow.com> wrote: > Hi, > > Here is the MD5 sum output. > > root@RSNUKLT146:~/Desktop# md5sum show.html.erb > 16e3a74703c22cce728bb523439c1d02 show.html.erb > root@RSNUKLT146:~/Desktop# > > We are running Redhat Enterprise Linux 6.4 where clam av is been > installed with 0.98.4 version. Please do let me know if any more information > required. > > As a temporary work around we have whitelisted > Html.Exploit.CVE_2014_0277 virus alerts, as it has alerted many files > which are not threat to us. Once we have solution, we will remove the white > listing. > > ============ > Thanks, > Manoj Chitrala > > > -- > Manoj Chitrala > Unix Administrator & Postmaster > > Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | Mobile: +44 7971 > 312075 > > > > Research Now | 160 Queen Victoria Street | London, United Kingdom > EC4V 4BF www.researchnow.com > > -----Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Al Varnell > Sent: 19 August 2014 10:29 > To: ClamAV users ML > Subject: Re: [clamav-users] False Positive & File Decompression errors > > Manoj, > > What unix system are you running clamav on? > > The team will need to know the MD5 of show.html.erb in order to > quickly locate it among the other False Positives submitted. You > cannot attach it here. > > -Al- > > > On Aug 19, 2014, at 2:02 AM, Manoj Chitrala > > <mchitr...@researchnow.com> > wrote: > > > > Hi, > > > > We have 2 issues with Clamav. > > > > > > 1) We've been receiving false positive alerts. I have also > submitted false positives many a times but I haven't received any > response from clam av team. Please can you suggest a fix for this. I > have upgraded the AV to latest, updated the virus definitions but all > in vain. Attaching the file for your reference. This file > show.html.erb is been reported with Html.Exploit.CVE_2014_0277, which > is a false as we have scanned it using Microsoft End Point Protection and > found no threats. > > > > 2) The other error we have is the clam av reports us it is unable > decompress the file and scan. Please can you suggest any solution for this. > Error message appears as "scancws: Error decompressing SWF file > LibClamAV info" > > > > Hoping to get a response on these 2 issues. > > > > ============ > > Thanks, > > Manoj Chitrala > > > > > > [Research Now] <http://www.researchnow.com/> > > [Research Now] Manoj Chitrala > > Unix Administrator & Postmaster > > > > Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | > Mobile: +44 7971 312075 > > > > > > <http://rn-university.com/researchagencies/> [ > http://sigs.researchnow.com/EU_Emails/UK/14Jul/ESOMAR_Footer_UK_Mar14- > 02.gif] > < > http://www.researchnow.com/en-GB/PressAndEvents/Events/2014/09/ESOMAR% > 20Congress%202014.aspx > > > > > > Follow us: [Facebook] > > <http://www.facebook.com/ResearchNowUK> > [LinkedIn] <http://www.linkedin.com/company/research-now> [YouTube] < > http://www.youtube.com/user/ResearchNowGlobal> [Twitter] < > http://twitter.com/#!/ResearchNowUK> > > > > 160 Queen Victoria Street | London, United Kingdom EC4V 4BF > > www.researchnow.com > > > > The information contained in this e-mail message is intended for the > > use > of the recipient(s) named above and is privileged and confidential. If > you are not the intended recipient, you are formally notified that you > have received this message in error and that any review, > dissemination, distribution, or copying of the message is strictly > prohibited. If you have received this communication in error, please > notify us immediately by e-mail and delete the original message. > > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
