ClamAV False positives on "Exploit.JPEG.Comment.1"?????
DNSAdmin
dnsadmin at 1BIGTHINK.COM
Tue Oct 19 16:12:35 IST 2004
<x-flowed>
Hello All,
This morning I have two "regular" senders, one which on my servers, another
from outside who regularly sends to a user on our servers. They've both
sent multiple JPeG files (which is an unusual occurrence) and they all are
tagged by ClamAV as:
Report: ClamAV: image006.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image007.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image008.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image001.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image003.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image004.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: image005.jpg contains Exploit.JPEG.Comment.1
AND:
Report: ClamAV: msg-9197-33.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: msg-9197-34.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: msg-9197-35.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: msg-9197-36.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: msg-9197-31.jpg contains Exploit.JPEG.Comment.1
Report: ClamAV: msg-9197-32.jpg contains Exploit.JPEG.Comment.1
I've pulled them out of the Quarantine and scanned them locally with Norton
AV (I just checked Live Update and I'm good). They test negative. Any idea
what is going on here?
Thanks,
Glenn
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
http://www.sng.ecs.soton.ac.uk/mailscanner/
Configuration by Glenn Parsons dnsadmin-at-1bigthink.com
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list