Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.
Dave R.
On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Since 25th May, my email system (according to this new signature) is rife
> with a virus that didnt (and still doesnt) exist in these historic
> emails.?? These emails (an extract of the scan results is shown below) have
> PDF's in them but are without risk.?? Can we drop this signature please?
>
> Thanks
>
>
> D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
>
> and several hundred more
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
--
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
