The Community Forums


ClamAV Claims Something is a Virus That is Not

Discussion in 'Security' started by denverdataman, Aug 10, 2016.

  1. denverdataman

    denverdataman Member

    Joined:
    Jun 21, 2016
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denver
    cPanel Access Level:
    Root Administrator
    I have ConfigServer eXploit Scanner (cxs) scanning files with ClamAV. Last night at about 2 AM (presumably when an update was done to the ClamAV signatures) I started getting hundreds of messages that ClamAV has detected a virus - ClamAV detected virus = [Win.Exploit.CVE_2016_3316-1]. After more research, this exploit is not a virus. I do not know why specific .doc files are being tagged with this exploit, but my research shows that no specific document can have this bug more than any other document.

    I would like to tell ClamAV not to scan for Win.Exploit.CVE_2016_3316-1 at all. Any help on doing this is greatly appreciated.

    Thanks,
    Steve
     
  2. MarkDalton

    MarkDalton Active Member

    Joined:
    Mar 16, 2013
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Yesterday we started to receive complaints of email being blocked because they contained a virus Win.Exploit.CVE_2016_3316-1.

    This forum post would seem to indicate that it is a False Positive.
    discussions.apple.com/thread/7634186?start=0&tstart=0
    I get message Infected with virus Win.Exploit.C... | Official Apple Support Communities

    Anybody able to confirm? Do we know timelines for an updated signature set?
     
    #2 MarkDalton, Aug 11, 2016
    Last edited by a moderator: Aug 11, 2016
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
  4. denverdataman

    In the masses of email I was getting from Clam, I did not see this. Thank you for the response. #sudo freshclam fixes the problem.

    Thanks,
    Steve
     
  5. Infopro

    Happy to hear you got it sorted. :)
     