[clamav-users] how to avoid false positive in clamAV

Gaurav Kumar Garg gaurav.garg at uniscon.de
Wed Apr 5 04:49:07 EDT 2017


Hi ClamAV user, developer,

I am new to clamAV. I like its design.

While scanning i saw few false positive virus. I search on internet and 
found out that i can avoid these false positive by writing md5 sum to 
local.ign file and putting this file in /var/lib/clamav/*  directory. 
then restarting clamd daemon.


Its partially working, means it working when i scan false positive file 
with clamscan -d and its not working with clamdscan.


Steps for creating local.ign file:


$ sigtool --md5  my_file_name.exe >> local.ign


after that i put this file in /var/lib/clamav/* directory and restarted 
clamd daemon.


when i execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe 
then its not reporting false positive, its working perfectly.


But when i scan this file using clamdscan then its still reporting false 
positive.


Could anyone help me regarding this false positive avoidance.


I can not submit my false positive file because of some business ethics 
and compliance.


Thank you in advance,


Regards,

Gaurav




More information about the clamav-users mailing list