Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Joel Esler (jesler)
Yup. Understood. *may* bring the key word in my email. I'll ping Alain tomorrow if he can light the subject. -- Joel Esler iPhone On Jul 26, 2016, at 11:14 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: I hate having to point this out, but... When Alain notified the list that the signatur

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Al Varnell
I hate having to point this out, but... When Alain notified the list that the signature had been dropped on July 25, 2016 at 8:12:21 AM PDT, daily:21968 had just be published. It wasn’t until daily:21975 that the following appeared with the first dropped entry: > ClamAV Signature Publishing Not

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Joel Esler (jesler)
It may take more than one publish cycle to drop a sig. Publish cycles are at least every four hours. -- Joel Esler iPhone On Jul 26, 2016, at 10:16 PM, Al Varnell mailto:alvarn...@mac.com>> wrote: Appears to be finally gone at this time.

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Al Varnell
Appears to be finally gone at this time.

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Al Varnell
I know, that’s what I said. It has not been dropped. -Al- On Tue, Jul 26, 2016 at 01:32 AM, Junuzovic Vahid wrote: > > But I'm already running 21972 and the exploit FP is still present! > --- cut here --- > sigtool -i /var/lib/clamav/daily.cld > File: /var/lib/clamav/daily.cld > Build time: 26

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Junuzovic Vahid
here --- Vahid -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Al Varnell Sent: martedì 26 luglio 2016 10:22 To: ClamAV users ML Subject: Re: [clamav-users] CVE_2013_3860-1 There seems to be some problem with the system that drops signatures ove

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Al Varnell
gt; Data scanned: 0.01 MB > Data read: 0.00 MB (ratio 2.00:1) > Time: 14.303 sec (0 m 14 s) > [root@prdfeec01 clamav]# > --- cut here --- > > Vahid > > -Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf > Of Alai

Re: [clamav-users] CVE_2013_3860-1

2016-07-26 Thread Junuzovic Vahid
-boun...@lists.clamav.net] On Behalf Of Alain Zidouemba Sent: lunedì 25 luglio 2016 17:13 To: ClamAV users ML Subject: Re: [clamav-users] CVE_2013_3860-1 Xml.Exploit.CVE_2013_3860-1 has been dropped. Thanks, - Alain On Sun, Jul 24, 2016 at 11:51 AM, Al Varnell wrote: > There was a

Re: [clamav-users] CVE_2013_3860-1

2016-07-25 Thread Alain Zidouemba
Xml.Exploit.CVE_2013_3860-1 has been dropped. Thanks, - Alain On Sun, Jul 24, 2016 at 11:51 AM, Al Varnell wrote: > There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: > 20352 on Apr 20, 2015 which was found to be producing FP’s and was removed > by daily: 20358. > > The

Re: [clamav-users] CVE_2013_3860-1

2016-07-24 Thread Al Varnell
There was a previous Xml.Exploit.CVE_2013_3860-1 signature added by daily: 20352 on Apr 20, 2015 which was found to be producing FP’s and was removed by daily: 20358. The current Xml.Exploit.CVE_2013_3860-1 was re-introduced by daily - 21939 on Jul 20, 2016 and I know of one ClamXav user report

Re: [clamav-users] CVE_2013_3860-1

2016-07-24 Thread Joel Esler (jesler)
Okay, Have you filed a false positive with us through ClamAV.net? -- Joel Esler iPhone On Jul 24, 2016, at 10:15 AM, c chupela mailto:cnctem...@yahoo.com>> wrote: My Clamav installation, engine version .99, signature daily.cld updated (version: 21959, sigs: 454048, f-level