[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #TIH-336571]: clamav false positive for ldm source files



Clark,

Thanks for the heads-up.

> I just wanted to give a heads-up about this.  We run LDM on many of our Red
> Hat Linux machines.  We also run ClamAV which updates and scans daily.  For
> several weeks now, clamav has been reporting what we believe to be a false
> positive on the following files:
> 
> /usr/share/doc/libxml2-python-2.6.26/reader2.py:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/testrecurse.c:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/python/tests/reader2.py:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/test/recurse/lol1.xml:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/test/recurse/lol5.xml:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/test/recurse/lol2.xml:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> /usr/local/ldm/ldm-6.10.1/src/libxml2/test/recurse/lol6.xml:
> Xml.Exploit.CVE_2013_3860-1 FOUND
> 
> 
> I filed a false positive report with clamav on July 22nd.  Now the
> "reader2.py" and "testrecurse.c" files no longer alert for anything,
> however the "lol[#].xml" files are still alerting.  Today I filed another
> false positive report ?with clamav and wanted to let you know.

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: TIH-336571
Department: Support LDM
Priority: Normal
Status: Closed
===================
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata 
inquiry tracking system and then made publicly available through the web.  If 
you do not want to have your interactions made available in this way, you must 
let us know in each email you send to us.



NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.