I greatly appreciate your time in confirming this. In response, I did
some additional research and understand that it is a true positive since
the file runs a test for that exact condition. Would white-listing it
using a file signature hash be a valid measure, or would that be a bad idea?
This is the first time I've encountered a true positive on a file I
would normally keep and want to make sure I handle it appropriately.
On 05/09/2014 01:04 PM, Alain Zidouemba wrote:
> The ClamAV alert for the test file you provided is not a false positive. It
> is actually a true positive.
> - Alain
> On Fri, May 9, 2014 at 9:25 AM, Alain Zidouemba
>> We are looking into it and will get back to you shortly.
>> - Alain
>> On Fri, May 9, 2014 at 9:06 AM, Bill Bennert <email@example.com> wrote:
>>> The clamav false positive submission system will not accept my entry and
>>> says that it is not detected by ClamAV. This is not a virus, not
>>> malware, this is a PHP test file for the PHP source. The released
>>> version for my dist is 0.98.1 but the submission system said to use the
>>> latest version, so I compiled 0.98.3 and came up with the same results
>>> on the latest database. Now I'm posting here to hopefully get it into
>>> the false positive list upon confirmation. If this is not the right
>>> place to post it, please point me in the right direction. After a lot of
>>> searches I have been unable to find any other real reference to this
>>> This is the test file in the PHP git repository.
>>> Adding the -z flag to clamscan will make it visible. With no options
>>> clamscan sees the file as OK.
>>> $ clamscan -z /opt/wr-php/php-src/ext/tidy/tests/bug54682.phpt
>>> PHP.Exploit.CVE_2011_4153-3 FOUND
>>> ----------- SCAN SUMMARY -----------
>>> Known viruses: 3358731
>>> Engine version: 0.98.1
>>> Scanned directories: 0
>>> Scanned files: 1
>>> Infected files: 1
>>> Data scanned: 0.00 MB
>>> Data read: 0.00 MB (ratio 0.00:1)
>>> Time: 10.410 sec (0 m 10 s)
>>> The only other possible record of this issue I was able to find is the
>>> following. No guarantee it's actually related, since the thread dies
>>> almost instantly with no resolution:
>>> Thank you for your help,
>>> Help us build a comprehensive ClamAV guide: