Mailing List Archive

Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives
Since 25th May, my email system (according to this new signature) is
rife with a virus that didnt (and still doesnt) exist in these historic
emails. These emails (an extract of the scan results is shown below)
have PDF's in them but are without risk. Can we drop this signature please?

Thanks


D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND

and several hundred more
Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
Since 25th May, my email system (according to this new signature) is
rife with a virus that didnt (and still doesnt) exist in these historic
emails. These emails (an extract of the scan results is shown below)
have PDF's in them but are without risk. Can we drop this signature please?

Thanks


D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND
D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
Win.Exploit.CVE_2019_0758-6968262-1 FOUND

and several hundred more
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
On 5/27/19 11:38 AM, Groach via clamav-users wrote:
> Since 25th May, my email system (according to this new signature) is
> rife with a virus that didnt (and still doesnt) exist in these historic
> emails.  These emails (an extract of the scan results is shown below)
> have PDF's in them but are without risk.  Can we drop this signature please?

I agree.
I had to whitelist this sig.

bye
av.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
On Mon, 27 May 2019 12:47:13 +0200
Andrea Venturoli <ml@netfence.it> wrote:

> On 5/27/19 11:38 AM, Groach via clamav-users wrote:
> > Since 25th May, my email system (according to this new signature)
> > is rife with a virus that didnt (and still doesnt) exist in these
> > historic emails.  These emails (an extract of the scan results is
> > shown below) have PDF's in them but are without risk.  Can we drop
> > this signature please?
>
> I agree.
> I had to whitelist this sig.

That signature was dropped in daily 25462 so updating database should
be enough now.

--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
Thanks for the update. I'll run it through and test.

Cheers

On 27/05/2019 13:34, Tuomo Soini wrote:
> On Mon, 27 May 2019 12:47:13 +0200
> Andrea Venturoli <ml@netfence.it> wrote:
>
>> On 5/27/19 11:38 AM, Groach via clamav-users wrote:
>>> Since 25th May, my email system (according to this new signature)
>>> is rife with a virus that didnt (and still doesnt) exist in these
>>> historic emails. These emails (an extract of the scan results is
>>> shown below) have PDF's in them but are without risk. Can we drop
>>> this signature please?
>> I agree.
>> I had to whitelist this sig.
> That signature was dropped in daily 25462 so updating database should
> be enough now.
>
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that was
published on the morning of the 28th. If you got that version or 25464 from
this morning you should be fine.

Dave R.

On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Since 25th May, my email system (according to this new signature) is rife
> with a virus that didnt (and still doesnt) exist in these historic
> emails.?? These emails (an extract of the scan results is shown below) have
> PDF's in them but are without risk.?? Can we drop this signature please?
>
> Thanks
>
>
> D:\Datastore\hMailData\mydomain.net\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
>
> and several hundred more
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


--
---
Dave Raynor
Talos Security Intelligence and Research Group
draynor@sourcefire.com
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
Yes. It has since stopped reporting from Sunday.


On 29/05/2019 15:07, David Raynor wrote:
> Win.Exploit.CVE_2019_0758-6968262-1 was dropped in daily 25463 that
> was published on the morning of the 28th. If you got that version or
> 25464 from this morning you should be fine.
>
> Dave R.
>
> On Wed, May 29, 2019 at 9:39 AM Groach via clamav-users
> <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>>
> wrote:
>
> Since 25th May, my email system (according to this new signature)
> is rife with a virus that didnt (and still doesnt) exist in these
> historic emails.?? These emails (an extract of the scan results is
> shown below) have PDF's in them but are without risk.?? Can we
> drop this signature please?
>
> Thanks
>
>
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\ann\61\{613A996C-968D-442C-BF07-B5BA1704A79B}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\ann\84\{84206D6D-4665-4DA7-BB72-63F9FDCF8D3A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\00\{007E306E-9A30-41E4-94F8-4ADC13B69D3F}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\03\{03EE7140-81BA-4F9C-8282-BCDF515C036A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\04\{044E8E8F-4409-4A26-A5FA-08A8935166DB}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\05\{0509C691-0E9E-4333-8600-931E279251F6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\06\{06EB0A67-BB7B-452E-998F-3D1D4115A2A7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\06\{06EE8596-D4F1-4115-A0B2-FF9DD204A6E6}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\11\{11D9F311-3765-4783-8C32-9ED8F74FA53C}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\13\{13D21848-6188-4F8D-A41F-D549D3B7DD0A}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\19\{193A7E10-5024-42BF-AB93-782B8B3D678D}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\21\{21065CDC-0E74-46DF-96AB-70E7153EBDA5}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\24\{24566998-C28F-443C-9402-EB6CDEAA1D75}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\24\{247F7F9A-02B4-4E8A-B12A-6C5459CA3D97}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\24\{24868C4D-2E81-4FE3-982E-44B81FA7E4C4}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\25\{25FE91E4-9A8E-4660-BE70-C56100C6F178}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\26\{2612BBDD-22DB-4CCF-843A-6AF4FA0C2688}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\28\{28385A6B-0546-4D0D-A0E6-F8016EDF1CC8}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\2A\{2A6AFBE6-C309-49E8-8A86-7B14A29D9071}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\2A\{2AE80F71-9335-421A-BCFC-912A46391BF7}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
> D:\Datastore\hMailData\mydomain.net
> <http://mydomain.net>\sales\2B\{2B0EAE95-B98C-4778-BF63-0E70D354DC27}.eml:
> Win.Exploit.CVE_2019_0758-6968262-1 FOUND
>
> and several hundred more
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> --
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> draynor@sourcefire.com <mailto:draynor@sourcefire.com>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
This has since been proven ok. The FP's stopped last week.

Thanks


02/06/19 17:25

On 27/05/2019 13:34, Tuomo Soini wrote:
> On Mon, 27 May 2019 12:47:13 +0200
> Andrea Venturoli <ml@netfence.it> wrote:
>
>> On 5/27/19 11:38 AM, Groach via clamav-users wrote:
>>> Since 25th May, my email system (according to this new signature)
>>> is rife with a virus that didnt (and still doesnt) exist in these
>>> historic emails. These emails (an extract of the scan results is
>>> shown below) have PDF's in them but are without risk. Can we drop
>>> this signature please?
>> I agree.
>> I had to whitelist this sig.
> That signature was dropped in daily 25462 so updating database should
> be enough now.
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
unsubscribe

On 02/06/19 18:26, Groach via clamav-users wrote:
> This has since been proven ok.?? The FP's stopped last week.
>
> Thanks
>
>
> 02/06/19 17:25
>
> On 27/05/2019 13:34, Tuomo Soini wrote:
>> On Mon, 27 May 2019 12:47:13 +0200
>> Andrea Venturoli<ml@netfence.it> wrote:
>>
>>> On 5/27/19 11:38 AM, Groach via clamav-users wrote:
>>>> Since 25th May, my email system (according to this new signature)
>>>> is rife with a virus that didnt (and still doesnt) exist in these
>>>> historic emails.?? These emails (an extract of the scan results is
>>>> shown below) have PDF's in them but are without risk.?? Can we drop
>>>> this signature please?
>>> I agree.
>>> I had to whitelist this sig.
>> That signature was dropped in daily 25462 so updating database should
>> be enough now.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Roberto Mazzini

Giolli coop

--
Giolli Società Cooperativa Sociale
Centro permanente di ricerca e sperimentazione teatrale
sui metodi Boal e Freire
Via Chiesa, 12
43022 Montechiarugolo (PR)
telefax: 0521-686385
e-mail: segreteria@giollicoop.it
web: www.giollicoop.it
FaceBook: CooperativaGiolli

_________________________________________________________________________________________________________________________________________________________________________________________________________________________________
PRIVACY

Ai sensi e per effetti della Legge sulla tutela della riservatezza personale (D. Lgs. 196/03),
questa mail è destinata unicamente alle persone sopra indicate e le informazioni in essa contenute
sono da considerarsi strettamente riservate. E' proibito leggere, copiare, usare o diffondere il
contenuto della presente missiva senza autorizzazione.
Se avete ricevuto questo messaggio per errore, siete pregati di distruggerlo immediatamente.

Confidentiality Notice:
This message, together with its annexes, contains information to be deemed strictly confidential
and is destined only to the addressee(s) identified above who only may use, copy and, under his/their
responsibility, further disseminate it. If anyone received this message by mistake or reads it without
entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons
other than the addressee(s) is strictly forbidden and is asked to transmit it immediately to the sender
and to erase the original message received.
Re: Win.Exploit.CVE_2019_0758-6968262-1 - VERY false positives [ In reply to ]
You must unsubscribe yourself at the bottom of this page:
<https://lists.clamav.net/mailman/listinfo/clamav-users <https://lists.clamav.net/mailman/listinfo/clamav-users>>

-Al-

> On Jun 3, 2019, at 12:54, Roberto Mazzini <rob@giollicoop.it> wrote:
>
> unsubscribe
>