SCIENTIFIC-LINUX-USERS Archives

July 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: libxml2-python Infected File
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Mon, 25 Jul 2016 10:50:29 +1000
Content-Type:
text/plain
Parts/Attachments:
text/plain (28 lines) 
On 2016-07-25 10:23, W.M. wrote:
> Running clamscan today I received the following infected file report.
> 
> /usr/share/doc/libxml2-python-2.9.1/reader2.py:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> 
> Has anyone else received this or should I just remove the file?
> libxml2-python seems to be a fairly common library.

This may be helpful to you:
https://www.clamxav.com/BB/viewtopic.php?f=1&t=4085&p=22064

I'm tipping a false positive with a new definition update. If you 
haven't already, I would update to the latest definitions via freshclam 
and look again.

If you feel its a security issue, you can try a 'yum verify' after 
installing the yum-plugin-verify package. This will check files 
installed on the system versus the packaged files. If all that comes 
back good, then you should be ok.

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

ATOM RSS1 RSS2