ClamAV friend and community signature contributor Arnaud Jacques from SecuriteInfo.com has written a short article on how to whitelist a ClamAV signature that may be giving you problems.
Please take a look at the article on his website for quick instructions on how to prevent a potential disaster in your environment.
Hi,
I have a false positive with: BC.Win.Exploit.CVE_2017_11241-6335400-2
[root@mauka quarantine]# clamscan -i virus-paB3ruU128Q6
virus-paB3ruU128Q6: BC.Win.Exploit.CVE_2017_11241-6335400-2 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6303524
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 8.39 MB
Data read: 11.78 MB (ratio 0.71:1)
Time: 9.320 sec (0 m 9 s)
But when I scan it with virustotal.com, all the other antivirus engines did not find any malware.
Whitelisting did not work for me:
# echo "BC.Win.Exploit.CVE_2017_11241-6335400-2" >> /var/lib/clamav/local.ign2
# systemctl restart clamd@amavisd.service
Best regards
Please provide false positives through Clamav.net