First some background info.

The definition was added recently by daily - 23071, Feb 15, 2017, so that 
explains why you are just now seeing it.

It's looking for the following ASCII string in an ASCII Text document:

begin_signature 
block{WILDCARD_ANY_STRING(LENGTH<=100)}miia4ayjkozihvcnaqccoiia0tccgs0c

except I substituted an underline "_" for the first space " " character to 
prevent this e-mail from being detected as infected.

That appears to be a rather unique string of characters, though I don't know 
anything about what type of malware this might be looking for.

I downloaded EFTools6.1.3ForVS2013.msi from 
<https://www.microsoft.com/en-us/download/details.aspx?id=40762> and confirmed 
the detection.

I decompressed the .msi archive and scanned the resulting files, but none of 
those files were found to be an infection.

I also opened the .msi archive in a text editor and the only portion of the 
signature I could locate was the word "begin" twice and the word "signature" 
several times, but not consecutively. So I have no idea how this file is found 
to be infected.

So if I were you I would upload EFTools6.1.3ForVS2014.msi or whatever one you 
have to ClamAV's False Positive Report page <http://www.clamav.net/reports/fp>.

-Al-

On Mon, Feb 20, 2017 at 07:39 PM, Clamise Chee wrote:
> 
> I am having a lot of thoughts over the detection from the programming 
> packages under "EntityFramework".
> 
> The alert returns : Txt.Exploit.CVE_2017_0007-5839723-0 FOUND
> 
> 
> Loads of files (over 100+ per package) were detected as a virus with the ID 
> above; there was no mention of alerts/scanning coming from this file when 
> we first used ClamAV (this file has been sitting there since the year 2015 until 
> the recent update of the daily.cvd file, 17 Feb 2017).
> 
> 
> I'm having a hard time trying to figure out how this could fall under Virus.
> 
> Is there a recommendation on how I can get this cleared/cleaned?
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
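
Added example (not part of the original thread and not ClamAV code): a Python check for the pattern described in the reply above, a literal, at most 100 arbitrary bytes, then a second literal, useful for listing which unpacked files contain it before filing a false-positive report. The lowercasing step is an assumption about how the scanner prepares text before matching; `find_match`, `scan_tree` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import os
import re

# The two literals quoted in the reply, assembled from pieces so that this
# page never contains the contiguous strings (same reason as the "_" above).
HEAD = ("begin" + " " + "signature block").encode()
TAIL = ("miia4ayjkozihvcn" + "aqccoiia0tccgs0c").encode()

# {WILDCARD_ANY_STRING(LENGTH<=100)}: 0 to 100 arbitrary bytes, newlines included.
PATTERN = re.compile(re.escape(HEAD) + b".{0,100}?" + re.escape(TAIL), re.DOTALL)

# Constructed sample: mixed-case text whose lowercased form contains the pattern.
SAMPLE = (b"Write-Output 'ok'\r\n# SIG # Begin " + b"signature block\r\n# "
          + b"MIIa4AYJKoZIhvcN" + b"AQcCoIIa0TCCGs0C" + b"AQEx\r\n")


def find_match(data: bytes, normalize: bool = True):
    """Return (offset, original_bytes_matched) or None.

    normalize=True lowercases a copy first (ASSUMPTION about the scanner's
    text handling); bytes.lower() keeps the length, so offsets still map
    back onto the original data.
    """
    haystack = data.lower() if normalize else data
    m = PATTERN.search(haystack)
    if m is None:
        return None
    return m.start(), data[m.start():m.end()]


def scan_tree(root: str):
    """Walk an unpacked package and return sorted (path, offset) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hit = find_match(fh.read())
            if hit:
                hits.append((path, hit[0]))
    return sorted(hits)


if __name__ == "__main__":
    print(find_match(SAMPLE))                   # matches after lowercasing
    print(find_match(SAMPLE, normalize=False))  # None: literals are lowercase
```

A case-sensitive search, like one done by hand in a text editor, corresponds to `normalize=False` here and misses text that matches only after lowercasing.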
