Discussion:
[clamav-users] Infor about Xml.Exploit.CVE_2013_3860-1
(too old to reply)
Junuzovic Vahid
2016-07-25 09:53:48 UTC
Permalink
The last night I got the notification:
--- cut here ---
/usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4667493
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 13.372 sec (0 m 13 s)
--- cut here ---

I've checked the file and it seems to be original file of the package libxml2-python-2.7.6-21.el6.x86_64.
I checked it on other server and the timestamp/dimension are the same.
I checked also it using Kaspersky and it shows that the file is clean.

What is the reason that ClamAV is reporting it as Exploit? Some error or really exploit detected on this file?


Thanks,



Junuzovic Vahid
Tel. +39-0125.810759
Mob. +39-335.7598808


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Al Varnell
2016-07-25 10:08:25 UTC
Permalink
Because you have not reported it as a False Positive at <http://www.clamav.net/reports/fp>

Also see this identical report from yesterday:

<http://lists.clamav.net/pipermail/clamav-users/2016-July/003143.html>

-Al-
Post by Junuzovic Vahid
--- cut here ---
/usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4667493
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 13.372 sec (0 m 13 s)
I've checked the file and it seems to be original file of the package libxml2-python-2.7.6-21.el6.x86_64.
I checked it on other server and the timestamp/dimension are the same.
I checked also it using Kaspersky and it shows that the file is clean.
What is the reason that ClamAV is reporting it as Exploit? Some error or really exploit detected on this file?
Junuzovic Vahid
Junuzovic Vahid
2016-07-25 10:24:03 UTC
Permalink
Yes now I did it using IE, before I tried it with Firefox 47 but without success, upload procedure never start after choosing of the file to submit! I don't know the reason, maybe my proxy that I'm using it!

Regards,
Vahid

-----Original Message-----
From: clamav-users [mailto:clamav-users-***@lists.clamav.net] On Behalf Of Al Varnell
Sent: lunedì 25 luglio 2016 12:09
To: ClamAV users ML
Subject: Re: [clamav-users] Infor about Xml.Exploit.CVE_2013_3860-1

Because you have not reported it as a False Positive at <http://www.clamav.net/reports/fp>

Also see this identical report from yesterday:

<http://lists.clamav.net/pipermail/clamav-users/2016-July/003143.html>

-Al-
Post by Junuzovic Vahid
--- cut here ---
/usr/share/doc/libxml2-python-2.7.6/reader2.py: Xml.Exploit.CVE_2013_3860-1 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4667493
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 13.372 sec (0 m 13 s)
I've checked the file and it seems to be original file of the package libxml2-python-2.7.6-21.el6.x86_64.
I checked it on other server and the timestamp/dimension are the same.
I checked also it using Kaspersky and it shows that the file is clean.
What is the reason that ClamAV is reporting it as Exploit? Some error or really exploit detected on this file?
Junuzovic Vahid
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Loading...