ClamAv Claims Something is a Virus That is Not
I have ConfigServer eXploit Scanner (cxs) scanning files with ClamAV. Last night at about 2AM (presumably when an update was done to the ClamAv signatures) I started getting hundreds of messages that ClamAV has detected a virus - ClamAV detected virus = [Win.Exploit.CVE_2016_3316-1]. After more research, this exploit is not a virus. I do not know why specific .doc files are being tagged with this exploit but my research shows that no specific document can have this bug more than any other document.
I would like to tell ClamAv not to scan for Win.Exploit.CVE_2016_3316-1 at all. Any help on doing this is greatly appreciated.
Thanks,
Steve
-
Yesterday we started to receive complaints of email being blocked because they contained a virus Win.Exploit.CVE_2016_3316-1. This forum post would seem to indicate that it is a False Positive. discussions.apple.com/thread/7634186?start=0&tstart=0 I get message Infected with virus Win.Exploit.C... | Official Apple Support Communities Anybody able to confirm? Do we know timelines for an updated signature set? 0 -
Going by the comments on the clamav list, this should be resolved in an update: [clamav-users] False Positive - Win.Exploit.CVE_2016_3316-1? 0 -
In the masses of email, I was getting from Clam I did not see this. Thank you for the response. #sudo freshclam fixes the problem. Thanks, Steve 0 -
Happy to hear you got it sorted. :) 0
Please sign in to leave a comment.
Comments
4 comments