Please read about it here:
https://www.reddit.com/r/sysadmin/comments/4tx2ao/clamav_found_billionlaughsxml_exploit_cve_2013/
Here is a quote from the link:
"Apache responded to my email, and quite promptly (very impressive). They stated:
Hi <thanos023>. It's intentionally added test data. We use it to make sure the related vulnerability fix isn't regressed. Usually only developers of this library would have the test data on-disk. You may want to take it up with whoever supplied your LAMP binaries if you don't want it to re-appear when you apply maintenance."
So maybe DirectAdmin developers should delete that file and replace it with one without it? I made some of the text in bold above. Maybe someone could ask smtalk about it?
I can mention that ClamAV does not find this on any of my servers, and I am running the newest Apache and apr-util; however, I have not recompiled Apache since the last new release. So this must have been added sometime after the last Apache release.
Edit: My link mentions CVE_2013_3860-1, but the topic starter mentions CVE_2013_3860-3, so I am not 100% sure that it is the same thing; however, both cases are part of apr-util, and I think it is the same thing or closely related.