joerockhead28

Unquarantined File

Hi joe,

I checked on the web & VirusTotal & couldn't find any info regarding this file, which doesn't surprise me since it was just a .tmp (temporary) file. Most likely this is a False Positive in my opinion.

What is the detection name & exact file path associated with the detection? You should be able to find this data by clicking on the word Quarantine located below & to the right of the History tab on the UI, then see if you can find the detection in the right-side Details dialog box. An uploaded screen grab of the box with the info included could prove to be useful.

Also, do you recognize the file path for any software program you currently have installed? A custom Exclusion rule or two is all that may be needed to correct this from happening again if nothing malicious is going on.

Cheers, Ritchie...

Thx, Ritchie. Checking on that now....

Detection Name: Clam.Html.Exploit.CVE_2016_3271.2

File Path: C:\Users\owner\AppData\Local\Temp\C53398d8-00d5-43fd-bedc-3be0be5881.e1.tmp

It's my local laptop file.

I've been getting these same issues for weeks now. This pops up almost every day & sometimes multiple times a day. Reported the issues previously. I've seen other Clam issues reported as well by other users.

Here's my most recent.

Clam.Html.Exploit.CVE_2016_3271.2

C:\Users\bethg\AppData\Local\Temp\9cd7997b-fc03-4809-9711-10fac4d1a41c.tmp

Hey guys,

There definitely looks to be a recurring theme going on here, since the file paths are in the same Windows temp file directory!

In fact, I have seen this before, come to think of it! The detection is related to a possible vulnerability in the VBScript engine for the Microsoft Edge browser which allowed maliciously crafted web sites to access the browser. I would bet both of you use Edge too.

I'm sure Microsoft has patched this vulnerability in Edge by now, since it was first reported back in 2016. I still firmly believe it is a False Positive.

That is a detection by the ClamAV module. For this reason I would highly recommend you guys directly contact the ClamAV team regarding this issue and submit a False Positive report at this URL: http://www.clamav.net/reports/fp
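One way to triage the pattern Ritchie points out above (one signature firing repeatedly on freshly generated files under the same Temp directory), as an added example that is not from this thread, from Malwarebytes or from ClamAV: the script groups detections by signature and by a normalized path (user profile and GUID file name collapsed), so recurring combinations stand out as candidates for a ClamAV false positive report. The detection records are constructed from the two paths quoted in the thread plus one hypothetical non-temp hit for contrast; the `Win.Trojan.Hypothetical-1` name is made up.

```python
import re
from collections import Counter

# Constructed sample records (signature, quarantined path), modelled on the two
# reports in the thread plus one hypothetical non-temp hit for contrast.
SAMPLE_DETECTIONS = [
    ("Clam.Html.Exploit.CVE_2016_3271.2",
     r"C:\Users\owner\AppData\Local\Temp\C53398d8-00d5-43fd-bedc-3be0be5881.e1.tmp"),
    ("Clam.Html.Exploit.CVE_2016_3271.2",
     r"C:\Users\bethg\AppData\Local\Temp\9cd7997b-fc03-4809-9711-10fac4d1a41c.tmp"),
    ("Clam.Html.Exploit.CVE_2016_3271.2",
     r"C:\Users\bethg\AppData\Local\Temp\0a1b2c3d-1111-2222-3333-444455556666.tmp"),
    ("Win.Trojan.Hypothetical-1",  # hypothetical signature name, not a real one
     r"C:\Users\owner\Downloads\setup.exe"),
]

# Per-user profile prefix: C:\Users\<name>\ becomes C:\Users\*\
_USER_RE = re.compile(r"^(?P<drive>[A-Za-z]:)\\Users\\[^\\]+\\", re.IGNORECASE)
# GUID-style generated temp names, tolerant of the slightly short final group
# and the extra ".e1" segment seen in the thread.
_GENERATED_RE = re.compile(
    r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{8,12}(\.[^.\\]+)*\.tmp$", re.IGNORECASE)


def normalize_path(path):
    r"""Collapse per-user and per-file noise so recurring locations group together.

    C:\Users\owner\AppData\Local\Temp\<guid>.e1.tmp -> C:\Users\*\AppData\Local\Temp\<GUID>.tmp
    """
    path = _USER_RE.sub(r"\g<drive>\\Users\\*\\", path)
    directory, _, filename = path.rpartition("\\")
    if _GENERATED_RE.match(filename):
        filename = "<GUID>.tmp"
    return directory + "\\" + filename


def find_recurring(detections, min_count=2):
    """Map (signature, normalized path) -> count for combinations seen at least
    min_count times. One signature repeatedly hitting freshly generated temp files
    under the same directory is the pattern worth a ClamAV false positive report."""
    counts = Counter((sig, normalize_path(p)) for sig, p in detections)
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    for (sig, where), n in find_recurring(SAMPLE_DETECTIONS).items():
        print(f"{n}x {sig} at {where}")
```

Feed it the signature/path pairs from the Quarantine list rather than the sample list to check your own history; a single hit in a non-temp location stays out of the recurring set and deserves a separate look.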
