joerockhead28 Posted January 29, 2021

Received a notice that a file was not quarantined. Ran a scan - nothing unusual. Is my computer still safe?

File Name: C5-3398D8-00D543FD-BEDC-3BE0BE5-881E1.tmp @ 8:26:34pm EST

ritchie58 Posted January 29, 2021

Hi joe,

I checked on the web & VirusTotal & couldn't find any info regarding this file, which doesn't surprise me since it was just a .tmp (temporary) file. Most likely this is a False Positive in my opinion.

What is the detection name & exact file path associated with the detection? You should be able to find this data by clicking on the word Quarantine located below & to the right of the History tab on the UI, then see if you can find the detection in the right-side Details dialog box. An uploaded screen grab of the box with the info included could prove to be useful.

Also, do you recognize the file path for any software program you currently have installed? A custom Exclusion rule or two is all that may be needed to correct this from happening again if nothing malicious is going on.

Cheers, Ritchie...

joerockhead28 Posted January 29, 2021 (edited)

Thx, Ritchie. Checking on that now....

Detection Name: Clam.Html.Exploit.CVE_2016_3271.2
File Path: C:\Users\owner\AppData\Local\Temp\C53398d8-00d5-43fd-bedc-3be0be5881.e1.tmp

It's my local laptop file.

Edited January 29, 2021 by joerockhead28

Macbeth Posted January 29, 2021

I've been getting these same issues for weeks now. This pops up almost every day & sometimes multiple times a day. Reported the issues previously. I've seen other Clam issues reported as well by other users. Here's my most recent.

Clam.Html.Exploit.CVE_2016_3271.2
C:\Users\bethg\AppData\Local\Temp\9cd7997b-fc03-4809-9711-10fac4d1a41c.tmp

ritchie58 Posted January 29, 2021

Hey guys,

There definitely looks like a recurring theme going on here since the file paths are the same Windows temp file directory! In fact I have seen this before come to think of it! The detection is related to a possible vulnerability to the VBScript engine for the Microsoft Edge browser which allowed maliciously crafted web sites to access the browser. I would bet both of you use Edge too.

I'm sure Microsoft has patched this vulnerability to Edge by now since it was first reported back in 2016. I still firmly believe it is a False Positive.

That is a detection by the ClamAV module. For this reason I would highly recommend you guys directly contact the ClamAV team regarding this issue and submit a False Positive report at this URL: http://www.clamav.net/reports/fp

joerockhead28 Posted January 30, 2021

Thx so much!