Deathinition, posted October 18, 2019

Hello! I'm not sure if I am correct here... Anyways, I love this software, OpenSource FTW. And I also love the website "listenonrepeat.com" which simply lets you loop a YouTube video without it buffering again from the start. Upon opening the site, Immunet detects a threat which it immediately quarantines. It's a file called for example "f_002777" and whatever. And it's detected as "Clam.Html.Exploit.CVE_2017_11796-6336854-3". I don't know if it's a false detection or something, maybe someone can bring some light into this. Thanks in advance

Rob.T, posted October 18, 2019

Hi Deathinition, I can't reproduce your detection on Win10x64 using Internet Explorer & Immunet 7.0.0.11362. Can you tell us what operating system, browser, and version of Immunet you're seeing the detection on?

Deathinition, posted October 19, 2019

Of course @Rob.Turner, I'm sorry I didn't mention it. I use Win10x64 and it happened with Chrome Version 77.0.3865.120, guess that's the current one. And my Immunet version is 7.0.0.11362 too, so it's probably a browser thing. Thanks again

zombunny2, posted October 21, 2019

@Deathinition as I scrolled down this thread I knew you were using either Chromium or a Chromium-based browser. Are you, by any chance, also using either UBlock Origin or Nano Adblocker in it?

I repeatedly get this detection from my Immunet install. The filename of the detection is always "f_" followed by a hexadecimal number, and it is always in my Vivaldi (another Chromium-based browser) cache folder. In my case, it is a false-positive on one of the blocklists used by UBlock Origin.

Some of ClamAV and Immunet's signatures trigger on certain malicious web links in text files. UBlock's blocklists are text files filled with, amongst other things, fragments of malicious links (after all, UBlock needs to know what to block). Immunet, unfortunately, can't distinguish between "my evil malware site dot com" as a place to go, contained within an evil script, and "my evil malware site dot com" as a place *not* to go, contained within a blocklist! It just sees the link and has to take the cautious approach. I get this same detection if I do a manual scan of my /home directory with ClamAV on GNU/Linux (the OS where I spend >99% of my time).

In Vivaldi, there's also a built-in feature that blocks certain really aggressive malvertising features. Most browsers also use the Google safe-browsing database as well. Both of these features of course contain lists of web sites for the browser to avoid - and as a result, both of these features have also triggered this detection in my copy of Immunet before now. But most of the time (almost every time I get this detection), it's UBlock Origin updating its filter lists. I can even repeatedly trigger the exact same detection by manually forcing UBo to update its blocklists.

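The triage step implied by the post above, as an added example that is not part of the thread or of Immunet/ClamAV: it scores whether a quarantined browser-cache file is an Adblock-syntax filter list rather than a web page. The function names, the 0.8 threshold, the gzip handling of the cache body, and the sample inputs are assumptions made for illustration.

```python
import gzip
import re

# Adblock-style filter syntax (the format uBlock Origin lists use):
# "! comment", "[Adblock Plus 2.0]" header, "||host^" network rules,
# "@@" exceptions, and "##" / "#@#" cosmetic rules.
FILTER_LINE = re.compile(r"^(!|\[Adblock|\|\||@@|[^\s#]*#@?#)")
META_LINE = re.compile(r"^! (Title|Expires|Homepage|Last modified|Version):", re.I)

def decode_body(data: bytes) -> str:
    """Return the cache body as text, gunzipping if it has the gzip magic."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    return data.decode("utf-8", errors="replace")

def triage_cache_file(data: bytes, threshold: float = 0.8) -> dict:
    """Score how strongly a quarantined cache file resembles a filter list."""
    lines = [ln.strip() for ln in decode_body(data).splitlines() if ln.strip()]
    if not lines:
        return {"filter_ratio": 0.0, "has_metadata": False, "verdict": "unknown"}
    hits = sum(1 for ln in lines if FILTER_LINE.match(ln))
    ratio = hits / len(lines)
    has_meta = any(META_LINE.match(ln) for ln in lines[:20])
    markup = any("<script" in ln.lower() or "<html" in ln.lower() for ln in lines)
    if ratio >= threshold and has_meta and not markup:
        verdict = "likely-blocklist"   # candidate false positive: report to vendor
    else:
        verdict = "needs-analysis"     # keep treating the detection as real
    return {"filter_ratio": round(ratio, 2), "has_metadata": has_meta, "verdict": verdict}

# Constructed sample inputs (not real list or page content).
SAMPLE_LIST = gzip.compress(b"""[Adblock Plus 2.0]
! Title: Constructed demo list
! Expires: 1 day
||ads.example.test^
||tracker.example.test^$third-party
@@||cdn.example.test^$script
example.test##.banner
""")
SAMPLE_PAGE = b"<html><body><script>var a = new Array(1);</script></body></html>"

if __name__ == "__main__":
    print(triage_cache_file(SAMPLE_LIST))
    print(triage_cache_file(SAMPLE_PAGE))
```

A "likely-blocklist" verdict only supports a false-positive report to the vendor; the file stays quarantined until the signature is corrected.
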
Rob.T, posted October 23, 2019

Thanks for all the info Deathinition - I only tried reproducing with IE on Win 7&10 x32; so I'll take a try with Chrome, Vivaldi, UBlock Origin and Nano Adblocker. I think I briefly tried Vivaldi 5 or 8 years ago right after its initial release. Too soon actually, it was unusable at the time. Am interested to see how far it's come.

Rob.T, posted October 25, 2019

Successfully reproduced with Chrome on Win7x64 & Win10x64 today - Thanks again Deathinition, you rock! Hopefully we'll have the FP fixed by Monday. On another note, thanks for introducing me to listenonrepeat. Am learning to play a guitar and it's going to be really handy.