On Sat, Apr 08, 2017 at 03:36 AM, ANANT S ATHAVALE wrote:
>
> Hi List,
>
> One of the .pptx files which was attached is getting detected as VIRUS:
> Win.Exploit.CVE_2016_3301-6210129-0. As it is an official document, it can't
> be uploaded for submission. How to manually verify?

I don't understand what it is you want to do here.

The signature was added in Daily - 23271 on 5 Apr.

The signature is:

$ sigtool --find Win.Exploit.CVE_2016_3301-6210129-0|sigtool --decode-sigs
VIRUS NAME: Win.Exploit.CVE_2016_3301-6210129-0
TDB: Engine:81-255,Target:0
LOGICAL EXPRESSION: 0&1&2&3
 * SUBSIG ID 0
 +-> OFFSET: 0
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
l
 * SUBSIG ID 1
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
O{WILDCARD_ANY_STRING(LENGTH<=200)}(
 * SUBSIG ID 2
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
 +-> TRIGGER: 0&1
 +-> REGEX: \x28\x00\x00\x00[\x00-\xff][\x00-\xff]\x90[\x04-\xff]
 +-> CFLAGS: (null)
 * SUBSIG ID 3
 +-> OFFSET: ANY
 +-> SIGMOD: NONE
 +-> DECODED SUBSIGNATURE:
{WILDCARD_ANY_STRING(LENGTH==4)}

Information on CVE-2016-3301 can be found at
<https://nvd.nist.gov/vuln/detail/CVE-2016-3301>.

After that I think you are on your own to decide.

-Al-
--
Al Varnell
Mountain View, CA
ClamXav user
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
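
One way to narrow down locally which part of a flagged .pptx the regex in SUBSIG ID 2 matches, without sending the document anywhere (an added example, not part of the original message and not ClamAV code). It checks only that one subsignature, so a hit is necessary but not sufficient for the full 0&1&2&3 expression; the function names and the sample container are constructed for illustration.

```python
import io
import re
import sys
import zipfile

# REGEX of SUBSIG ID 2, copied from the sigtool output quoted in the message.
SUBSIG2 = re.compile(rb"\x28\x00\x00\x00[\x00-\xff][\x00-\xff]\x90[\x04-\xff]")

def find_hits(data, context=8):
    """Return (offset, hex of the match plus trailing context bytes) per match."""
    return [(m.start(), data[m.start():m.end() + context].hex())
            for m in SUBSIG2.finditer(data)]

def scan_container(blob):
    """Scan the raw bytes, then every ZIP member (a .pptx is a ZIP archive).

    Returns {name: hits}; only objects with at least one hit are listed.
    """
    report = {}
    raw = find_hits(blob)
    if raw:
        report["<raw file>"] = raw
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                hits = find_hits(zf.read(info))
                if hits:
                    report[info.filename] = hits
    return report

def build_sample():
    """Constructed sample: a tiny ZIP whose one binary member matches the regex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ppt/slides/slide1.xml", b"<p:sld/>")
        zf.writestr("ppt/media/image1.bin",
                    b"\x00" * 16 + b"\x28\x00\x00\x00\x10\x00\x90\x05" + b"\xaa" * 4)
    return buf.getvalue()

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for name, hits in scan_container(blob).items():
        for offset, hexdump in hits:
            print(f"{name}: offset {offset}: {hexdump}")
```

The member name and offset it prints show where to look in the document; whether the bytes there are benign is still a judgement made against the CVE-2016-3301 description.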