On Friday 20 October 2017 00:24:20 Tsutomu Oyamada wrote:

> Hi,
>
> The false positive for omni.ja is still occurring.
> I have reported this many times, but it has not been fixed yet.
>
> I have been troubled with this issue.
> What am I supposed to do?
>
I too have reported this, but nothing is being done.
>
> On Sat, 23 Sep 2017 09:53:30 -0400
>
> Gene Heskett <ghesk...@shentel.net> wrote:
> > On Saturday 23 September 2017 03:59:17 Al Varnell wrote:
> > note correction in subject file location
> >
> > > So here are the facts with regard to
> > > Html.Exploit.CVE_2017_8750-6336209-0 (which is not the same as
> > > previously reported in this thread). It was just added to the
> > > database about fifteen hours ago in daily - 23863 and is looking
> > > for two strings which you can observe by using the following (I'm
> > > not posting it here so this e-mail won't be detected as infected):
> > >
> > > sigtool -fHtml.Exploit.CVE_2017_8750-6336209-0|sigtool --decode-sigs
> > >
> > > CVE-2017-8750 is described as
> > > <https://nvd.nist.gov/vuln/detail/CVE-2017-8750>: "Internet
> > > Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1,
> > > Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and
> > > Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511,
> > > 1607, 1703, and Windows Server 2016 allow an attacker to execute
> > > arbitrary code in the context of the current user due to the way
> > > that Microsoft browsers access objects in memory, aka "Microsoft
> > > Browser Memory Corruption Vulnerability"."
> > >
> > > so it's not a threat to your platform unless you are also running
> > > Windows somehow.
> >
> > I've a bounty on windows here, nuke on encounter.
> >
> > > My power just came back so I scanned my Firefox 55.0.3 for Mac and
> > > it tested clean. Taking a look at the omni.ja file I see 109
> > > occurrences of the first string, but not the second.
> > >
> > > So at this point I'll just repeat my advice from before to submit
> > > that file to <http://www.clamav.net/reports/fp> then return here
> > > and report a hash value.
> >
> > Means to determine hash? I'll assume sha256sum here
> >
> > gene@coyote:~/firefox/browser$ sha256sum omni.ja
> > 2dafa74b0c099130313a9375d433f6d93fb8f672f1620e28221b6573ed0ae348  omni.ja
> >
> > Thanks Al
> >
> > > On Sat, Sep 23, 2017 at 12:12 AM, Gene Heskett wrote:
> > > > On Saturday 23 September 2017 02:32:48 Al Varnell wrote:
> > > >> Power out here so cannot check. Was negative when I looked at
> > > >> macOS version last week.
> > > >>
> > > >> What OS?
> > > >
> > > > 32 bit wheezy, on an AMD phenom, all up to date. uname -a
> > > >
> > > > 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.39-1+deb8u1~bpo70+1 (2017-02-24) x86_64 GNU/Linux
> > > >
> > > > Thank you Al.
> > > >
> > > >> Sent from my iPhone
> > > >>
> > > >> -Al-
> > > >
> > > > Cheers, Gene Heskett
> > >
> > > -Al-
> >
> > Cheers, Gene Heskett
> > --
> > "There are four boxes to be used in defense of liberty:
> >  soap, ballot, jury, and ammo. Please use in that order."
> > -Ed Howdershelt (Author)
> > Genes Web page <http://geneslinuxbox.net:6309/gene>
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
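
Added example (not part of the original thread and not ClamAV code): the check Al describes in the quoted message, counting each string a signature looks for and seeing whether the signature's condition is met, assuming a logical (.ldb) signature with plain hex subsignatures. The signature line, the data and the function names are constructed for illustration; it looks only at raw bytes and evaluates & and | left to right, whereas clamscan also inspects unpacked and normalized content.

```python
import re

# Constructed signature, NOT the real Html.Exploit.CVE_2017_8750-6336209-0:
# the two hex subsignatures decode to b"example-a" and b"example-b".
SAMPLE_SIG = "Constructed.Example-0;Target:0;0&1;6578616d706c652d61;6578616d706c652d62"
# Constructed data: first string present 109 times, second string absent.
SAMPLE_DATA = b"example-a " * 109

def parse_ldb(line):
    """Split a .ldb line: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;..."""
    name, target, expr, *subsigs = line.strip().split(";")
    # Assumption: plain hex only (no ??, *, {n} wildcards or ::modifiers).
    return name, target, expr, [bytes.fromhex(s) for s in subsigs]

def count_hits(data, subsigs):
    """Occurrences of each subsignature in the raw bytes."""
    return [data.count(s) for s in subsigs]

def evaluate(expr, hits):
    """Evaluate indices joined by & and |, with parentheses, left to right."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    if "".join(tokens) != expr:
        raise ValueError("unsupported expression: " + expr)
    pos = 0
    def term():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            val = expression()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')' in " + expr)
            pos += 1
            return val
        return hits[int(tok)] > 0
    def expression():
        nonlocal pos
        val = term()
        while pos < len(tokens) and tokens[pos] in "&|":
            op = tokens[pos]
            pos += 1
            rhs = term()
            val = (val and rhs) if op == "&" else (val or rhs)
        return val
    return expression()

if __name__ == "__main__":
    _, _, expr, sigs = parse_ldb(SAMPLE_SIG)
    hits = count_hits(SAMPLE_DATA, sigs)
    print(hits, "match" if evaluate(expr, hits) else "no match")
```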