Re: [clamav-users] handling multiple hits on CVE-2015-7645?

Mon, 30 Nov 2015 07:29:25 -0800 

Thanks for your response...

I did join the clamav-virusdb mail list (since 11/10/2015)
and have received *[clamav-virusdb] Update ...*
messages

Example:
--------------------------------------------------------------------------------
ClamAV database updated (30 Nov 2015 08-36 -0500): daily.cvd
Version: 21116

Submission-ID: 1201984744
Sender: Anonymous
Added: Win.Worm.Allaple-143117
...
------------------------------------------------------------------------------

I have been reading these as a posting of a (new) virus and
clamav support has confirmed it and added the signature to the database (update).
Should I have noted a submission ID when I originally posted the false positive reports? 

Would an accepted false positive submission be noted as "Removed:" ?

Should I expect a different notification?

Thanks for any clarification.


On 11/22/2015 4:28 PM, Al Varnell wrote:

On Sun, Nov 22, 2015 at 04:51 AM, Orrick, Diana wrote:

Hello,

I haven't has any response to filing a number of False Positive reports, should 
I have?

Have you joined the clamav-virusdb mailing-list?  You won’t be notified unless 
you do.


I do appreciate the limits of the support folks, really. Just trying to 
understand
how FP are handled and what the expectations should be.

We've had another round of scans and the same servers,
same files are flagged by ClamAV (only) again for Swf.Exploit.CVE_2015_7645.
These are showing up on Linux servers that do not have the flash rpm referenced 
in the CVE.

I've looked through the archives and the admin manual for some reference to
creating a 'local whitelist record' but don't find much. Would someone point
me to the terms I should search on for the whitelist creation process, please?

Thanks for your assistance.

-Al-


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to