Thank you for reporting the FP and providing information. The signature needs to be reworked as it is causing FPs. The current version of the signature will be dropped shortly.
Thanks, - Alain On Fri, Aug 21, 2015 at 1:56 PM, Ángel González <an...@av.16bits.net> wrote: > Al Varnell wrote: > > I’ve had three users report browser cache files indicating > > Swf.Exploit.CVE_2015_3102 infection. All were logging into PayPal at > > the time. > > <https://www.paypal.com/us/cgi-bin/webscr?cmd=_account> > > My first doubt was wether they were logging into the legitimate PayPal > site, but apparently they were. > > The Swf.Exploit.CVE_2015_3102 signature matches the file at > hxxps://www.paypal.com/en_US/m/mid.swf > > > PayPal seems to have modified the file in the meantime, though. Al > reported the file was 5d024cc615e2b1c35ce9b2cce77ef481 / > c9d1856cfddc24fc3c51e5cc023c2cb4575b38a2140a39123438276d18b8561e > The one I downloaded is b0a5b791ee0a61b5bab74c8772e227e0 / > 75c2934018c742de4c902ad377be8edb7473266bacbb20e6407368676b9330a9 > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
