Project

General

Profile

Actions
Copy link

Bug #458

closed

ClamAV fires on Suricata binary if unittests are enabled

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
High
Assignee:
Anoop Saldanha
Target version:
1.3beta2
Affected Versions:
Effort:
Difficulty:
Label:

Description

It appears that some of the unittests use metasploit payloads which are detected by ClamAV:

src/app-layer-dcerpc.o: Exploit.Fnstenv_mov-1 FOUND
src/detect-engine-dcepayload.o: Exploit.Fnstenv_mov-1 FOUND

Disabling unittests resolves the issue.

Please rewrite or remove the affected unittests.

Files

0001-bug-458-unittest-that-uses-clamav-FPing-payload-disa.patch (1.04 KB) 0001-bug-458-unittest-that-uses-clamav-FPing-payload-disa.patch Anoop Saldanha, 06/07/2012 03:27 PM
Actions
Copy link

Also available in: Atom PDF