I assume we are all still talking about Html.Exploit.CVE_2017_8750-6336209-0? 

Gene, I believe your report was an omni.ja file infected with
Html.Exploit.CVE_2017_8757-6336185-0.

They have both been dealt with locally by ClamXAV, but I've not seen either 
listed as dropped by ClamAV yet.

Different versions of Firefox on different platforms.

-Al-

On Thu, Oct 19, 2017 at 10:24 PM, Gene Heskett wrote:
> On Friday 20 October 2017 00:24:20 Tsutomu Oyamada wrote:
> 
>> Hi,
>> 
>> The false positive for omni.ja is still occurring.
>> I have reported this many times, but it has not been fixed yet.
>> 
>> I have been troubled with this issue.
>> What am I supposed to do?
>> 
> I too have reported this, but nothing is being done.
>> 
>> On Sat, 23 Sep 2017 09:53:30 -0400
>> 
>> Gene Heskett <ghesk...@shentel.net> wrote:
>>> On Saturday 23 September 2017 03:59:17 Al Varnell wrote:
>>> note correction in subject file location
>>> 
>>>> So here are the facts with regard to
>>>> Html.Exploit.CVE_2017_8750-6336209-0 (which is not the same as
>>>> previously reported in this thread). It was just added to the
>>>> database about fifteen hours ago in daily - 23863 and is looking
>>>> for two strings which you can observe by using the following (I'm
>>>> not posting it here so this e-mail won't be detected as infected):
>>>> 
>>>> sigtool -fHtml.Exploit.CVE_2017_8750-6336209-0 | sigtool --decode-sigs
>>>> 
>>>> CVE-2017-8750 is described as
>>>> <https://nvd.nist.gov/vuln/detail/CVE-2017-8750>: "Internet
>>>> Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1,
>>>> Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and
>>>> Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511,
>>>> 1607, 1703, and Windows Server 2016 allow an attacker to execute
>>>> arbitrary code in the context of the current user due to the way
>>>> that Microsoft browsers access objects in memory, aka "Microsoft
>>>> Browser Memory Corruption Vulnerability"."
>>>> 
>>>> so it's not a threat to your platform unless you are also running
>>>> Windows somehow.
>>> 
>>> I've a bounty on windows here, nuke on encounter.
>>> 
>>>> My power just came back so I scanned my Firefox 55.0.3 for Mac and
>>>> it tested clean. Taking a look at the omni.ja file I see 109
>>>> occurrences of the first string, but not the second.
>>>> 
>>>> So at this point I'll just repeat my advice from before to submit
>>>> that file to <http://www.clamav.net/reports/fp> then return here
>>>> and report a hash value.
>>> 
>>> Means to determine hash? I'll assume sha256sum here
>>> 
>>> gene@coyote:~/firefox/browser$ sha256sum omni.ja
>>> 2dafa74b0c099130313a9375d433f6d93fb8f672f1620e28221b6573ed0ae348 
>>> omni.ja
>>> 
>>> Thanks Al
>>> 
>>>> On Sat, Sep 23, 2017 at 12:12 AM, Gene Heskett wrote:
>>>>> On Saturday 23 September 2017 02:32:48 Al Varnell wrote:
>>>>>> Power out here so cannot check. Was negative when I looked at
>>>>>> macOS version last week.
>>>>>> 
>>>>>> What OS?
>>>>> 
>>>>> 32-bit wheezy, on an AMD Phenom, all up to date. uname -a
>>>>> 
>>>>> 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.39-1+deb8u1~bpo70+1
>>>>> (2017-02-24) x86_64 GNU/Linux
>>>>> 
>>>>> Thank you Al.
>>>>> 
>>>>>> Sent from my iPhone
>>>>>> 
>>>>>> -Al-
>>>>> 
>>>>> Cheers, Gene Heskett
>>>> 
>>>> -Al-
>>> 
>>> Cheers, Gene Heskett
>>> --
>>> "There are four boxes to be used in defense of liberty:
>>> soap, ballot, jury, and ammo. Please use in that order."
>>> -Ed Howdershelt (Author)
>>> Genes Web page <http://geneslinuxbox.net:6309/gene>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> 
> 
> 
> Cheers, Gene Heskett

-Al-
-- 
Al Varnell
Mountain View, CA
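As an added example (not code from this thread or from ClamAV), here is a small Python script that does the triage Al and Gene work through by hand above: parse a signature's sub-strings, count how many times each occurs in the suspect file, decide whether an all-of-them logic such as `0&1` would fire, and print the SHA-256 to quote in the FP report. It generalises to any conjunctive logic, not just two strings; the signature in it is a constructed placeholder, since the real one is deliberately not posted in the thread.

```python
"""Triage a suspected ClamAV false positive as the thread describes: decode
the signature's sub-strings, count each in the flagged file, and hash it.

Added example, not ClamAV's code. SAMPLE_LDB is a CONSTRUCTED placeholder in
.ldb syntax (name;target;logic;subsig;...), not the real CVE_2017_8750 sig
the thread omits; real ones: sigtool --find-sigs=NAME | sigtool --decode-sigs
"""
import hashlib
import re
from typing import Dict, List

# Constructed: two plain hex subsigs ("<script>" and "eval(") joined by the
# logic "0&1", i.e. both must be present, the shape of a two-string sig.
SAMPLE_LDB = "Example.Sig-0;Target:3;0&1;3c7363726970743e;6576616c28"


def parse_ldb(line: str) -> Dict[str, object]:
    """Split a .ldb record into name, target block, logic and subsig bytes.
    Only plain hex subsigs are handled; wildcard syntax ('??', '*',
    '{n-m}') is rejected rather than silently mis-parsed."""
    name, target, logic, *subsigs = line.strip().split(";")
    decoded: List[bytes] = []
    for s in subsigs:
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", s):
            raise ValueError(f"unsupported subsig syntax: {s}")
        decoded.append(bytes.fromhex(s))
    return {"name": name, "target": target, "logic": logic, "subsigs": decoded}


def triage(data: bytes, ldb_line: str) -> Dict[str, object]:
    """Per-subsig hit counts, whether the logic would fire, and the file's
    SHA-256 for the FP report. Only conjunctive logic like '0&1' is handled."""
    sig = parse_ldb(ldb_line)
    if not re.fullmatch(r"\d+(?:&\d+)*", sig["logic"]):
        raise ValueError(f"only conjunctive logic handled: {sig['logic']}")
    # Non-overlapping occurrences of each subsig in the file contents.
    hits = [data.count(s) for s in sig["subsigs"]]
    # A file holding only the first string (the omni.ja case in the thread)
    # must not fire: every subsig named in the logic has to be present.
    fires = all(hits[int(i)] > 0 for i in sig["logic"].split("&"))
    return {"name": sig["name"], "hits": hits, "fires": fires,
            "sha256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    # Constructed stand-in for omni.ja: 109 copies of string 0, none of 1.
    print(triage(b"<script>" * 109 + b"harmless filler", SAMPLE_LDB))
```

Run it against a real omni.ja by reading the file's bytes and passing the decoded `.ldb` line from sigtool; a result with `fires` False but the engine still alerting points at a wildcard or offset in the real signature that this plain-hex parser does not model.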