Clamxav found infection Php.Exploit.CVE_2015_2331-3

I just ran a scan on ClamXav and it identified 17 files that all had the same infection named Php.Exploit.CVE_2015_2331-3. When I tried to delete these files, I got the Mac alert sound and was unable to delete them. Some of the filenames that were infected were CoreData, SceneKit, and Bom. I also noticed that several of the infected files were applications from the Microsoft Office Pro Plus bundle I recently downloaded and was given free access to as a student at my university, so I was also wondering if that might be the source of the infection. Has anyone else experienced this while using ClamXav, or have any advice with regard to getting rid of the infection?


Thanks

iMac (21.5-inch, Late 2013), OS X Yosemite (10.10.5)

Posted on Aug 26, 2015 11:47 PM

Question marked as Best reply

Posted on Aug 27, 2015 12:26 AM

I am running Tiger 10.4.11 and SL 10.6.8 and found the same issue on a pretty fresh SL install. Several of the "exploits" were bona fide applications like Lightroom and MS Office support.


Filename Infection Name Status

/Applications/Adobe Photoshop Lightroom 4.app Php.Exploit.CVE_2015_2331-3

/Applications/Adobe Photoshop Lightroom 4.app/Contents/Support/DynamicLinkMediaServer/application/dynamiclinkmediaserver.app Php.Exploit.CVE_2015_2331-3

/Applications/Microsoft Office 2008/Office/MicrosoftOffice.framework Php.Exploit.CVE_2015_2331-3

/Library/QuickLook/iWork.qlgenerator Php.Exploit.CVE_2015_2331-3

/Library/QuickLook/SneakPeek Pro.qlgenerator Php.Exploit.CVE_2015_2331-3

/Library/Spotlight/iWork.mdimporter Php.Exploit.CVE_2015_2331-3

/Library/Spotlight/Microsoft Office.mdimporter Php.Exploit.CVE_2015_2331-3

/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation Php.Exploit.CVE_2015_2331-3

/System/Library/PrivateFrameworks/Bom.framework/Versions/A/Bom Php.Exploit.CVE_2015_2331-3

/usr/bin/pkgbuild Php.Exploit.CVE_2015_2331-3

/usr/bin/productbuild Php.Exploit.CVE_2015_2331-3

/usr/bin/productsign Php.Exploit.CVE_2015_2331-3

/usr/bin/zip Php.Exploit.CVE_2015_2331-3

/usr/bin/zipcloak Php.Exploit.CVE_2015_2331-3

/usr/bin/zipnote Php.Exploit.CVE_2015_2331-3

/usr/bin/zipsplit Php.Exploit.CVE_2015_2331-3

/usr/libexec/productutil Php.Exploit.CVE_2015_2331-3


All this just after I updated ClamXav. I will send a message to their support. I am thinking this is a bug in the scan software. If you find anything else out in the meantime, please post back.


John
