One additional note. That signature has been in the ClamAV.ldb database since 
19 Apr 2017 back when first defined, making it relatively unlikely to be a 
false positive at this point in time.

Also note from the CVE-2017-3049 detail 
<https://nvd.nist.gov/vuln/detail/CVE-2017-3049> that it was at the time 
considered to be a High threat to Adobe Acrobat Reader versions back then. I'm 
certain that Adobe has eliminated the threat by now in modern versions, but 
that doesn't render any exploit as a false positive since it could still be 
used to target users who still need to run those older applications for 
economic or other reasons.

-Al-

         

On May 7, 2021, at 00:59, Al Varnell <alvarn...@mac.com> wrote:
> Prof Rulle,
> 
> I believe you mean a false positive, don't you? A false negative would be a 
> failure to report, but clearly ClamAV does detect this.
> 
> The proper way to report this would be to file a False Positive Report here: 
> <https://www.clamav.net/reports/fp>. If you can also provide a hash value of 
> the file in question back here, that might speed up the process. Simply 
> verifying one of these hash values from the VirusTotal report will work:
> 
> MD5 04267b6af9a1bad85d5cd6aecb1e4d28
> SHA-1 cf7d73066f921fc7101c06aebc5e090cebffd2b2
> SHA-256 7563a2b175d3c48069960e0290ac08e3f379cd74307e44c995df52d5dc6fc002
> 
> 
> -Al-
> ClamXAV User
> 
> On May 6, 2021, at 23:46, Andreas Rulle <andreas.ru...@itek.de> wrote:
>> Hi, thank you for your great service to internet security!
>> 
>> A false negative report has been issued this week for 
>> Img.Exploit.CVE_2017_3049-6268090-0, see also the virus total report under 
>> [1].
>> 
>> The issue has to be handled under the General Data Protection Regulation 
>> (GDPR). Therefore I would politely like to ask for the evaluation state of 
>> that false negative report. 
>> 
>> Thanks in advance for your kind response.
>> 
>> [1] https://www.virustotal.com/gui/file/7563a2b175d3c48069960e0290ac08e3f379cd74307e44c995df52d5dc6fc002/detection
>> -- 
>> ITEK Technologie GmbH
>> Technologiepark 14
>> 33100 Paderborn
>> 
>> Tel. +49 5251 / 16140
>> Fax +49 5251 / 161499
>> www.itek.de
>> mailto: Andreas ru...@itek.de
>> 
>> Managing Director: Prof. Dr. Uwe Kern
>> Register court / number: Paderborn / HRB 13522
> 


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
