jatpat / browsersec

Automatically exported from code.google.com/p/browsersec
0 stars 0 forks source link

Exploit.HTML.MHTRedir-8 FOUND #1

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. gzip -d the tar.gz file
2. run clamscan on browser_tests-1.00.tar

Exploit.HTML.MHTRedir-8 FOUND

Is this expolit used for educational purposes or ...?

Original issue reported on code.google.com by hbokho...@gmail.com on 11 Dec 2008 at 12:00

GoogleCodeExporter commented 9 years ago
To my best knowledge, the supplied archive contains no malicious code - 
although it
does contain harmless test cases that superficially resemble known exploits, 
which is
presumably what's confusing clamav. 

It is presumably tripping on the Windows help URLs supplied in 
web_misc_urls.html.
Can you confirm?

Original comment by lcam...@gmail.com on 11 Dec 2008 at 2:29

GoogleCodeExporter commented 9 years ago
Correct! That file only:

web_misc_urls.html: Exploit.HTML.MHTRedir-8 FOUND

FYI Clamscan on FreeBSD.

Original comment by hbokho...@gmail.com on 11 Dec 2008 at 6:43

GoogleCodeExporter commented 9 years ago
Yeah, seems like you can safely ignore this as a false positive (if you are 
unsure,
feel free to inspect the file manually in any text editor - should just contain 
only
a handful of lines with obviously made-up links).

Original comment by lcam...@gmail.com on 11 Dec 2008 at 6:45