I checked few minutes ago but it is still present also with the new definitions updated!
--- cut here --- # freshclam ClamAV update process started at Tue Jul 26 09:42:49 2016 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.99 Recommended version: 0.99.2 DON'T PANIC! Read http://www.clamav.net/support/faq main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Downloading daily-21972.cdiff [100%] daily.cld updated (version: 21972, sigs: 454200, f-level: 63, builder: neo) bytecode.cld is up to date (version: 283, sigs: 53, f-level: 63, builder: neo) Database updated (4673043 signatures) from db.it.clamav.net (IP: 90.147.160.69) .... # clamscan /usr/share/doc/libxml2-python-2.7.6/reader2.py /usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 4667645 Engine version: 0.99 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.01 MB Data read: 0.00 MB (ratio 2.00:1) Time: 14.303 sec (0 m 14 s) [root@prdfeec01 clamav]# --- cut here --- Vahid -----Original Message----- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Alain Zidouemba Sent: lunedì 25 luglio 2016 17:13 To: ClamAV users ML Subject: Re: [clamav-users] CVE_2013_3860-1 Xml.Exploit.CVE_2013_3860-1 has been dropped. Thanks, - Alain On Sun, Jul 24, 2016 at 11:51 AM, Al Varnell <alvarn...@mac.com> wrote: > There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: > 20352 on Apr 20, 2015 which was found to be producing FP’s and was > removed by daily: 20358. > > The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - > 21939 on Jul 20, 2016 and I know of one ClamXav user reporting what he > believes to be an FP, but waiting on details. Not sure whether the > two signatures are the same or not. > > -Al- > > On Jul 24, 2016, at 7:14 AM, c chupela <cnctem...@yahoo.com> wrote: > > > My Clamav installation, engine version .99, signature daily.cld > > updated > (version: 21959, sigs: 454048, f-level: 63, builder: neo)bytecode.cld > is up to date (version: 283, sigs: 53, f-level: 63, builder: neo) > > > > flagging /usr/share/doc/libxml2-python-2.7.6/reader2.py: > Xml.Exploit.CVE_2013_3860-1 > > > > I see some discussion online that alludes to this being a false > positive, is this the case? > > Thanks > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
