There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: 
20352 on Apr 20, 2015 which was found to be producing FP’s and was removed by 
daily: 20358.

The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - 21939 on 
Jul 20, 2016 and I know of one ClamXav user reporting what he believes to be an 
FP, but waiting on details.  Not sure whether the two signatures are the same 
or not.

-Al-

On Jul 24, 2016, at 7:14 AM, c chupela <cnctem...@yahoo.com> wrote:

> My Clamav installation,  engine version .99, signature daily.cld updated 
> (version: 21959, sigs: 454048, f-level: 63, builder: neo)bytecode.cld is up 
> to date (version: 283, sigs: 53, f-level: 63, builder: neo)
> 
> flagging /usr/share/doc/libxml2-python-2.7.6/reader2.py: 
> Xml.Exploit.CVE_2013_3860-1
> 
> I see some discussion online that alludes to this being a false positive, is 
> this the case?
> Thanks

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to