Hi,

I've received a few reports of FPs with the signature 
Java.Exploit.CVE_2012_1723-8. I can't upload a sample because, of all places, 
it's being detected in the scan log, which could contain sensitive information.

Apart from the fact that it's very generic, looking only for a single short 
string, I see it's also looking for the "ANY FILE" type (0). I've seen this a 
number of times with FPs lately. Why are Java sigs written to detect filetype 0 
rather than type 12, which is specifically for Java classes?

        VIRUS NAME: Java.Exploit.CVE_2012_1723-8
        TARGET TYPE: ANY FILE
        OFFSET: *
        DECODED SIGNATURE:
        msf_/_x_/_PayloadX.class

Cheers
Mark

PS. I padded the decoded signature with underscores to avoid this email being 
detected as infected.

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
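
An added example, not part of the original post and not ClamAV's own code: a simplified Python model of how a body signature with target type 0 and offset `*` hits a plain-text scan log, while the same pattern restricted to target type 12 only hits files typed as Java classes. The marker string, signature names and sample files are constructed, and file typing is reduced to a magic-byte check.

```python
# Simplified model of ClamAV body-signature (.ndb) matching; not ClamAV's code.
# Line format: MalwareName:TargetType:Offset:HexSignature
TARGET_ANY, TARGET_JAVA = 0, 12
JAVA_MAGIC = bytes.fromhex("cafebabe")  # first four bytes of a Java class file

def parse_ndb(line):
    name, target, offset, hexsig = line.strip().split(":")[:4]
    if offset != "*" or any(c in hexsig for c in "?*{}()|!"):
        raise ValueError("this model only handles offset '*' and plain hex")
    return {"name": name, "target": int(target), "pattern": bytes.fromhex(hexsig)}

def file_target(data):
    # Stand-in for ClamAV's file typing: only tells Java classes from the rest.
    return TARGET_JAVA if data[:4] == JAVA_MAGIC else None

def matches(sig, data):
    # Target 0 is tried on every file; any other target only on that type.
    if sig["target"] not in (TARGET_ANY, file_target(data)):
        return False
    return sig["pattern"] in data

def broad_signatures(lines, max_len=32):
    # Flags target-0 signatures with a short pattern (max_len is an arbitrary
    # review threshold chosen for this example).
    sigs = [parse_ndb(l) for l in lines]
    return [s["name"] for s in sigs
            if s["target"] == TARGET_ANY and len(s["pattern"]) <= max_len]

# Constructed sample data: the marker string and signature names are made up.
MARKER = b"example/marker/Demo.class"
DB = [f"Constructed.Sig.AnyFile:0:*:{MARKER.hex()}",
      f"Constructed.Sig.JavaOnly:12:*:{MARKER.hex()}"]
SCAN_LOG = b"/srv/upload/a.jar!example/marker/Demo.class: OK\n"
CLASS_FILE = JAVA_MAGIC + b"\x00\x00\x00\x33" + b"\x01\x00\x19" + MARKER

def evaluate():
    out = {}
    for sig in map(parse_ndb, DB):
        out[sig["name"]] = {"scan_log": matches(sig, SCAN_LOG),
                            "class_file": matches(sig, CLASS_FILE)}
    return out

if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(name, hits)
    print("broad:", broad_signatures(DB))
```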