
Clam.Win.Exploit.CVE_2019_0903-6966169-0 False Positive on Chrome Cache files and .rbf/Config.Msi files


mark33w

Immunet ClamAV is quarantining my Google Chrome cache files (C:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\Cache\). The files in here all start with f_ followed by numbers. They appear to be cache files used for uploading files in the browser and maybe other things. This is basically making Chrome unable to upload files to some web apps such as Facebook, as the quarantine of these cache files is blocking the upload. Every time I try to upload a file I get an error followed by an alert from Immunet for the quarantine. I will whitelist this folder until this signature is fixed. That said, is there a way in Windows 10 (as there is in Linux) to configure ClamAV/Immunet to ignore this signature?

Also, this signature has been getting files in the hidden folder "Config.msi" when I was doing some app uninstalls. These were the .rbf files that Windows 10 creates for rolling back an application uninstall/install in case an error occurs during the install process.


Hi Mark, there seems to be some sort of problem with ClamAV quarantining seemingly legitimate files from a number of users of late. This is something the devs definitely need to look into ASAP! Sorry for the inconvenience this is causing.

I would suggest you temporarily turn off the ClamAV module & updates for it for now until this issue gets resolved. With the holiday Memorial Day weekend it may not be until Tuesday before an Admin or Dev looks into this.

P.S. - Great idea to submit this info to the ClamAV team directly. Thanks for that! Also, you can use Immunet's Restore feature to unlock those files if you need them now.
