It never appeared on a daily as being dropped, but when I checked on Saturday and again just now, I can't find it:
> $ sigtool --find Pdf.Exploit.CVE_2017_3039-6300177-0 > $ I don't think it is related, but there was an issue with DNS that stopped all updates after 23343 late Saturday until mid morning Monday Pacific Time. -Al- On Tue, May 02, 2017 at 12:27 AM, Vladislav Kurz wrote: > > Hello, > > did you really drop the signature? > > During the weekend scan (clamscan), we got 45 false positives. According > to file names, they seem to be signed official PDF documents from goverment. > > On 04/28/17 17:16, Christopher Marczewski wrote: >> Thanks for the reports. We'll be modifying the signature. >> >> In the interim, I've dropped the current signature. >> >> On Fri, Apr 28, 2017 at 11:01 AM, Vladislav Kurz <vladislav.k...@webstep.net >>> wrote: >> >>> I have the same problem, and already submitted a false positive report. >>> In our case it was a signad pdf, so I suspect that the signature makes >>> it FP. But I have no idea how to work around it now. Maybe disable pdf >>> scanning? >>> >>> On 04/28/17 16:47, Giuseppe Ravasio wrote: >>>> Hi, >>>> since this morning daily signature update 23337 >>>> and even with the latest one 23338 >>>> my amavis flags some emails with PDF attachments as virus: >>>> Pdf.Exploit.CVE_2017_3039-6300177-0 FOUND >>>> >>>> Checking the PDF with other AVs and even with clamscan (on the same >>>> server) results in a clean file: >>>> >>>> beppe@thot:/tmp$ clamscan TCA.pdf >>>> TCA.pdf: OK >>>> >>>> ----------- SCAN SUMMARY ----------- >>>> Known viruses: 6272759 >>>> Engine version: 0.99.2 >>>> Scanned directories: 0 >>>> Scanned files: 1 >>>> Infected files: 0 >>>> Data scanned: 0.22 MB >>>> Data read: 0.08 MB (ratio 2.71:1) >>>> Time: 17.277 sec (0 m 17 s) >>>> >>>> if I check the file with clamdscan I get the virus found: >>>> beppe@thot:/tmp$ clamdscan TCA.pdf >>>> /tmp/TCA.pdf: Pdf.Exploit.CVE_2017_3039-6300177-0 FOUND >>>> >>>> ----------- SCAN SUMMARY ----------- >>>> Infected files: 1 >>>> Time: 0.032 sec (0 m 0 s) >>>> >>>> Any hints on how to solve the problem? >>>> >>>> Thanks >>>> Giuseppe >>>> _______________________________________________ >>>> clamav-users mailing list >>>> clamav-users@lists.clamav.net >>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>>> >>>> >>>> Help us build a comprehensive ClamAV guide: >>>> https://github.com/vrtadmin/clamav-faq >>>> >>>> http://www.clamav.net/contact.html#ml >>>> >>> >>> >>> _______________________________________________ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
