Wednesday, March 09, 2011 12:59 PM cmosby

AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B - SANS Internet Storm Center

AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
Share |
Published: 2011-03-09,
Last Updated: 2011-03-09 17:05:57 UTC
by Kevin Shortt (Version: 1)
Rate this diary:
0 comment(s)

Some readers from Montreal, Canada wrote in about a problem with AVG Anti-Virus 2011 Free Edition 10.0.1024. The issue is with the all PDF's being quarantined and marked as infected by Luhe.Exploit.PDF.B.

It has been reported and noted on the above AVG Forum that an affected version is the following:

AVG Anti-virus 2011 Free Edition 10.0.1204, virus database version 1497/3490


The following url is a conversation on the issue:

http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151679where

This seems to be a bug in the definition for Luhe.Exploit.PDF.B. This does not mean other versions of AVG aren't impacted as well. Please check your version and verify with AVG. The current version of the virus database as of writing this diary is 3494 and was released today. I have no confirmed report that the problem has been resolved yet AVG was aware and working on it.

Please share what you're seeing and update the readers.

Thanks goes to Heber and Tomas for sending in the information to get it out there.


--
Kevin Shortt
ISC Handler on Duty
Filed under: ,

Comments

No Comments