SCIENTIFIC-LINUX-USERS Archives

July 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: libxml2-python Infected File
From:
"W.M." <[log in to unmask]>
Reply To:
W.M.
Date:
Mon, 25 Jul 2016 18:01:52 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
It appears this is a false positive caused by a recent daily update as 
per the clamav-users mailing list 
(http://lists.clamav.net/pipermail/clamav-users/2016-July/003150.html). 
The thread was started yesterday which explains why I didn't find any 
information in my initial google search. It was recently reported as a 
false positive and the end of the thread says it has been removed 
although a scan today still gave it as a result even after a freshclam.

Thanks for the help.

William

On 07/24/2016 11:43 PM, Iosif Fettich wrote:
>> This may be helpful to you:
>> https://www.clamxav.com/BB/viewtopic.php?f=1&t=4085&p=22064
>>
>> I'm tipping a false positive with a new definition update. If you 
>> haven't already, I would update to the latest definitions via 
>> freshclam and look again.
>>
>> If you feel its a security issue, you can try a 'yum verify' after 
>> installing the yum-plugin-verify package. This will check files 
>> installed on the system versus the packaged files. If all that comes 
>> back good, then you should be ok.
>
> A supplemental check can easily be done by submitting your suspect 
> file to
> https://www.virustotal.com/en/.
>
> ClamAV is giving rather often false positives, and some of then may 
> stay as such for long.
>
> Best regards,
>
> Iosif Fettich

ATOM RSS1 RSS2