www-mirrors mailing list archives

From Ryan Barclay <r...@rbftpnetworks.com>
Subject Re: Infected PDF
Date Sat, 02 Jan 2016 00:46:00 GMT
False positive.

Sent from my iPhone

> On 2 Jan 2016, at 00:12, Lars Eilebrecht <lars@apache.org> wrote:
> 
> Brad Koehn wrote:
>> ClamAV 0.99 (main.cvd version:55; daily.cld version: 21218; bytecode.cld version: 270) is reporting a virus in one of the httpd files on my mirror:
>> 
>> httpd/docs/apache-docs-1.3.23.pdf.zip: BC.Exploit.CVE_2012_4148 FOUND
>> 
>> This is on http://mirrors.koehn.com/apache/httpd/docs/apache-docs-1.3.23.pdf.zip (on my mirror, which is rsynced from rsync.apache.org::apache-dist, and presumably other mirrors from the same source). I’m not sure how long the exploit has been there, or even if it’s a false positive, but thought I should let you know.
> 
> 
> Thank you very much for your message.
> 
> I've double-checked the file (on your mirror and apache.org) and according
> to www.virustotal.com only ClamAV (1 out of 55 virus scanners) considers
> it as infected. Also, the infection mentioned by ClamAV is for a CVE
> from 2012, but the file itself was last updated in 2009.
> I'm therefore considering it a false positive.
> 
> 
> Best regards
> -- 
> Lars Eilebrecht
> lars@apache.org
> 
