Has anybody submitted a PDF yet? Normally, nothing can happen until they have at least one example. Once somebody has a sample they are allowed to submit, return here with a hash value of the submitted file so they can expedite processing.
-Al- On Wed, Nov 30, 2016 at 02:26 AM, maxal wrote: > > hi, > > On Tue, 2016-11-29 at 15:46 -0500, Gene Heskett wrote: >> On Tuesday 29 November 2016 11:53:03 Jeff Dyke wrote: >> >>> >>> Is there any way to get updates on a false positives(i submitted >>> this >>> about a week or so ago), if it is or is not, i still find these. In >>> my >>> case they seem to be ok coming from the printer, but then a >>> non-technical person opens and saves the file with a different name >>> (rather than just rename it) which activates this particular >>> exploit, >>> which we've proven by going and grabbing directly from the printer >>> and >>> then having the client open and resave and send us both documents. >>> >>> We're in the type of business where it would open us up to a ton of >>> liability if we were to white list, without knowing, have have a >>> site >>> user download an infected file. >>> >>> Thanks, happy to do anything i can. >>> >>> Jeff >>> >> I too have submitted an FP report on this one, but haven't been >> advised >> about it either. IMO it is as phony as a 3 dollar bill. > > also numerous hits on this rule on valid/harmless pdfs here - i have > already reported the fp last week and disabled/whitelisted the rule due > to customer complaints. > > why is cisco/clamav ignoring all the reports? is this part of the > automated (signature) processing? ~10 days of waiting for a signature- > fix is hard, the rule was published on: > > Nov 20, 2016, 3:18 PM > Datefile: daily > Version: 22573 > Publisher: Alain Zidouemba > New Sigs: 1187 > Dropped Sigs: 0 > Ignored Sigs: 54 > > kind regards > max
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
