|
gerrydsa
| Joined: 17 Nov 2015 |
| Posts: 0 |
|
|
|
 Posted: Tue Nov 17, 2015 2:56 pm |
|
 |
 |
|
|
Hi Folks, we publish content using Articulate Presenter, the output is a SCORM in .zip format. Within that there are lots of files including some .swf files. Since yesterday ClamAV is detecting the .swf files as CVE-2015-5548 however this exploit is dependant of Flash player 18 where as we are running 19 this long time.
A scan of the suspect file on https://www.virustotal.com shows ClamAV as the only scanner to flag it.
Can I submit the file somewhere for your review?
Thanks
Gerry
|
|
|
|
ROCKNROLLKID
| Joined: 23 Sep 2013 |
| Posts: 0 |
| Location: **UNKNOWN** |
|
|
| Posted: Tue Nov 17, 2015 3:14 pm |
|
|
|
|
|
Hello. Please follow our false positive guide located here: https://forums.clamwin.com/viewtopic.php?t=4239
For future reference, you may view this guide at anytime. It is stickied to the top in almost every forum section.
|
|
|
|
gerrydsa
| Joined: 17 Nov 2015 |
| Posts: 0 |
|
|
|
| Posted: Tue Nov 17, 2015 3:18 pm |
|
|
|
|
|
Hi,
I did this already, I searched for CVE-2015-5548 but found nothing. It is a clean install ClamWin.
Thanks
Gerry
|
|
|
|
gerrydsa
| Joined: 17 Nov 2015 |
| Posts: 0 |
|
|
|
| Posted: Tue Nov 17, 2015 3:39 pm |
|
|
|
|
|
https://www.virustotal.com/en/file/b6d4f8cf0d97a6424be6208bb85cecd0a83a2560fd4ea65d5ce41718d335052f/analysis/
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Nov 17, 2015 4:06 pm |
|
|
|
|
|
Virus Total sends FPs to the AV involved, but it will probably help to send FPs to Clam AV also as ClamWin uses the Clam AV database and virus signatures.
Regards,
|
|
|
|
ROCKNROLLKID
| Joined: 23 Sep 2013 |
| Posts: 0 |
| Location: **UNKNOWN** |
|
|
| Posted: Tue Nov 17, 2015 10:09 pm |
|
|
|
|
|
Glad to see you have returned Bob.
Looks like a bad exploit signature. Give ti sometime and the ClamAV team will have it fixed.
|
|
|
