Some ClamXAV users reported this and since it's a Windows CVE it has been whitelisted for them.
Be sure and submit a sample or two to <https://www.clamav.net/reports/fp <https://www.clamav.net/reports/fp>> and return here with hash values for the file(s). -Al- On Wed, Jan 17, 2018 at 09:49 AM, Orion Poplawski wrote: > Html.Exploit.CVE_2017_8747-6336227-0 is triggering on the following content: > > https://ow1.res.office365.com/owamail/20180105.04/scripts/owa.mail.js > <https://ow1.res.office365.com/owamail/20180105.04/scripts/owa.mail.js> > https://display.ugc.bazaarvoice.com/static/BonTon/BTN/93/6060_4_0/en_US/stylesheets/screen.css > > <https://display.ugc.bazaarvoice.com/static/BonTon/BTN/93/6060_4_0/en_US/stylesheets/screen.css> > https://display.ugc.bazaarvoice.com/static/Lenovo/main_site/528/8923/en_US/stylesheets/screen.css > > <https://display.ugc.bazaarvoice.com/static/Lenovo/main_site/528/8923/en_US/stylesheets/screen.css> > > Orion Poplawski _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
