ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Xml.Exploit.CVE_2013_3860-1 FOUND
karthikeyan


Joined: 20 Mar 2016
Posts: 4
Reply with quote
In my routine clam scan, i got to know the below file is infected. But this file exist in server since 2003 and more over its doc file of python.

Is the below alert is genuine ? need your comments


/usr/share/doc/libxml2-python-2.6.26/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 561
Location: **UNKNOWN**
Reply with quote
I suggest you upload the file to virustotal and make sure it is safe. If it is, then please file a false positive report at ClamAV's false positive mail here: http://www.clamav.net/contact
View user's profileSend private message
karthikeyan


Joined: 20 Mar 2016
Posts: 4
Reply with quote
Hello

As scanned infected file on Virus total and results seems to be positive. update false positive results to clamv.

/usr/share/doc/libxml2-python-2.6.26/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4210
Location: USA
Reply with quote
Clam AV is often a bit generic on files that are not Windows PE files--like batch files, text files, javascript, and html. There are lots of ways such files can be exploited by malware, and Clam AV does not have enough resources to dig too deep into them.

Over the years, I have learned to trust these AVs: Avira, Bitdefender, Eset Nod 32, Kaspersky, and Sophos. They use their own scan engines--not someone else's, and they have a good commercial user base to keep happy. If at least 2 of them say a file is infected, they are probably correct.

Regards,
View user's profileSend private message
Lipper


Joined: 31 Oct 2010
Posts: 106
Location: USA
Reply with quote
False positive is fixed in daily 21975. Smile
View user's profileSend private message
Win.Exploit.CVE_2016_3316-1 False positive
kasa1982


Joined: 12 Aug 2016
Posts: 2
Reply with quote
Dears,

I am using clamav on my server and unfortunetely, clavas has been detected and moved to "C:\ProgramData\.clamwin\quarantine" ALMOST all of my files. Any idea to restore this files do its original folders without move one by one?

I have more than 20 thousands files with this false positive.

Please help me.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4210
Location: USA
Reply with quote
You said Clam AV. If you meant ClamWin, then read below. If you are using Clam AV, we cannot help you--Clam AV is a Linux app. ClamWin is a Windows app.

Ouch! The QRestore (quarantine restore) program in the ClamWin Bin folder was made to be used to restore items from quarantine. However...if you also use Clam Sentinel with ClamWin, the Sentinel Restore program is much better. You can click on the checkmark at the top to select all files at once, and then restore them. Sentinel Restore may not work for you if you are not now using it--anyway try it. Otherwise, I suggest you come up with some sort of removal script.

Before starting, however, whitelist the entire folder (for now anyway) from both Clam Sentinel and CloamWin.

There may be a script available--check the ClamWin forums.

For the future: I suggest that you do not use either Clam AV or ClamWin on a server. You need something heavy duty for that sort of use.

Good Luck!

Regards,
View user's profileSend private message
kasa1982


Joined: 12 Aug 2016
Posts: 2
Reply with quote
GuitarBob wrote:
You said Clam AV. If you meant ClamWin, then read below. If you are using Clam AV, we cannot help you--Clam AV is a Linux app. ClamWin is a Windows app.

Ouch! The QRestore (quarantine restore) program in the ClamWin Bin folder was made to be used to restore items from quarantine. However...if you also use Clam Sentinel with ClamWin, the Sentinel Restore program is much better. You can click on the checkmark at the top to select all files at once, and then restore them. Sentinel Restore may not work for you if you are not now using it--anyway try it. Otherwise, I suggest you come up with some sort of removal script.

Before starting, however, whitelist the entire folder (for now anyway) from both Clam Sentinel and CloamWin.

There may be a script available--check the ClamWin forums.

For the future: I suggest that you do not use either Clam AV or ClamWin on a server. You need something heavy duty for that sort of use.

Good Luck!

Regards,


Thanks a lot. It was very helpful.. I will get the tips.
View user's profileSend private message
Xml.Exploit.CVE_2013_3860-1 FOUND
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic