Clam AV reports possible threat in Ubuntu installer

Asked by cmhdev on 2021-03-15

I created a bootable USB of 20.04LTS and ran a scan over it with Clam AV which reported a possible threat in the i386/Packages.gz file for which it stated it was a Windows Exploit - CVE-2012-1461.

Is this a false positive?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Bernard Stafford (bernard010) said : #1

Evasion attacks expoliting file-parsing vulnerabilities in antivirus products only.
https://cve.circl.lu/cve/CVE-2012-1461

Manfred Hampl (m-hampl) said : #2

According to https://www.securityfocus.com/archive/1/522005 and https://ubuntu.com/security/CVE-2012-1461 this seems to be a bug in clamav (version 0.96.4) and not in Ubuntu.

Can you help with this problem?

Provide an answer of your own, or ask cmhdev for more information if necessary.

To post a message you must log in.