www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <l...@apache.org>
Subject Re: Infected PDF
Date Sat, 02 Jan 2016 00:12:47 GMT
Brad Koehn wrote:
> ClamAV 0.99 (main.cvd version:55; daily.cld version: 21218; bytecode.cld version: 270)
is reporting a virus in one of the httpd files on my mirror:
> 
> httpd/docs/apache-docs-1.3.23.pdf.zip: BC.Exploit.CVE_2012_4148 FOUND
> 
> This is on http://mirrors.koehn.com/apache/httpd/docs/apache-docs-1.3.23.pdf.zip (on
my mirror, which is rsynced from rsync.apache.org::apache-dist, and presumably other mirrors
from the same source. I’m not sure how long the exploit has been there, or even if it’s
a false positive, but thought I should let you know. 


Thank you very much for your message.

I've double-checked the file (on your mirror and apache.org) and according
to www.virustotal.com only Clamav (1 out of 55 virus scanners) considers 
it as infected. Also, the infection  mentioned by Clamav is for a CVE 
from 2012, but the file itself was last updated in 2009. 
I'm therefore considering it a false positive. 


Best regards
-- 
Lars Eilebrecht
lars@apache.org


Mime
View raw message