Manoj, Please open a bugzilla ticket at bugzilla.clamav.net and attach the swf file. We'll investigate ASAP.
Thanks, Steve On Tue, Aug 19, 2014 at 9:32 AM, Manoj Chitrala <mchitr...@researchnow.com> wrote: > Thanks Douglas. Please can you suggest about the errors about > decompressing the file. > > ============ > Thanks, > Manoj Chitrala > > > -- > Manoj Chitrala > Unix Administrator & Postmaster > > Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | Mobile: +44 7971 > 312075 > > > > -----Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Douglas Goddard > Sent: 19 August 2014 14:30 > To: ClamAV users ML > Subject: Re: [clamav-users] False Positive & File Decompression errors > > Confirmed the false positive. The signature should be dropped by the end > of the day. > > > On Tue, Aug 19, 2014 at 5:34 AM, Manoj Chitrala <mchitr...@researchnow.com > > > wrote: > > > Hi, > > > > Here is the MD5 sum output. > > > > root@RSNUKLT146:~/Desktop# md5sum show.html.erb > > 16e3a74703c22cce728bb523439c1d02 show.html.erb > > root@RSNUKLT146:~/Desktop# > > > > We are running Redhat Enterprise Linux 6.4 where clam av is been > > installed with 0.98.4 version. Please do let me know if any more > information required. > > > > As a temporary work around we have whitelisted > > Html.Exploit.CVE_2014_0277 virus alerts, as it has alerted many files > > which are not threat to us. Once we have solution, we will remove the > white listing. > > > > ============ > > Thanks, > > Manoj Chitrala > > > > > > -- > > Manoj Chitrala > > Unix Administrator & Postmaster > > > > Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | Mobile: +44 7971 > > 312075 > > > > > > > > Research Now | 160 Queen Victoria Street | London, United Kingdom > > EC4V 4BF www.researchnow.com > > > > -----Original Message----- > > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > > Behalf Of Al Varnell > > Sent: 19 August 2014 10:29 > > To: ClamAV users ML > > Subject: Re: [clamav-users] False Positive & File Decompression errors > > > > Manoj, > > > > What unix system are you running clamav on? > > > > The team will need to know the MD5 of show.html.erb in order to > > quickly locate it among the other False Positives submitted. You > > cannot attach it here. > > > > -Al- > > > > > On Aug 19, 2014, at 2:02 AM, Manoj Chitrala > > > <mchitr...@researchnow.com> > > wrote: > > > > > > Hi, > > > > > > We have 2 issues with Clamav. > > > > > > > > > 1) We've been receiving false positive alerts. I have also > > submitted false positives many a times but I haven't received any > > response from clam av team. Please can you suggest a fix for this. I > > have upgraded the AV to latest, updated the virus definitions but all > > in vain. Attaching the file for your reference. This file > > show.html.erb is been reported with Html.Exploit.CVE_2014_0277, which > > is a false as we have scanned it using Microsoft End Point Protection > and found no threats. > > > > > > 2) The other error we have is the clam av reports us it is unable > > decompress the file and scan. Please can you suggest any solution for > this. > > Error message appears as "scancws: Error decompressing SWF file > > LibClamAV info" > > > > > > Hoping to get a response on these 2 issues. > > > > > > ============ > > > Thanks, > > > Manoj Chitrala > > > > > > > > > [Research Now] <http://www.researchnow.com/> > > > [Research Now] Manoj Chitrala > > > Unix Administrator & Postmaster > > > > > > Tel: +44 207 084 3142 | Fax: +44 207 084 3001 | > > Mobile: +44 7971 312075 > > > > > > > > > <http://rn-university.com/researchagencies/> [ > > http://sigs.researchnow.com/EU_Emails/UK/14Jul/ESOMAR_Footer_UK_Mar14- > > 02.gif] > > < > > http://www.researchnow.com/en-GB/PressAndEvents/Events/2014/09/ESOMAR% > > 20Congress%202014.aspx > > > > > > > > > Follow us: [Facebook] > > > <http://www.facebook.com/ResearchNowUK> > > [LinkedIn] <http://www.linkedin.com/company/research-now> [YouTube] < > > http://www.youtube.com/user/ResearchNowGlobal> [Twitter] < > > http://twitter.com/#!/ResearchNowUK> > > > > > > 160 Queen Victoria Street | London, United Kingdom EC4V 4BF > > > www.researchnow.com > > > > > > The information contained in this e-mail message is intended for the > > > use > > of the recipient(s) named above and is privileged and confidential. If > > you are not the intended recipient, you are formally notified that you > > have received this message in error and that any review, > > dissemination, distribution, or copying of the message is strictly > > prohibited. If you have received this communication in error, please > > notify us immediately by e-mail and delete the original message. > > > > > > > > > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/support/ml > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/support/ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
