[clamav-users] Unable to submit false positive for bug54682.phpt PHP.Exploit.CVE_2011_4153-3
Greg Folkert
greg at donor.com
Fri May 9 19:11:24 UTC 2014
Bill... I wrote the response to your query about whitelisting the
TRUE-POSITIVE file.
As a general rule you *NEVER* EVER whitelist a TRUE-POSITIVE... what
would be the point of an Anti-(Virus/Malware/Trojan) system then?
On Fri, 2014-05-09 at 14:58 -0400, Bill Bennert wrote:
> Hi Alain,
> That was exactly what I was looking for. The idea of doing that was
> not sitting right with me. I will find another way to handle this file
> that will keep coming back from git when I do pulls.
>
> Thank you,
> -Bill
>
> On 05/09/2014 02:48 PM, Greg Folkert wrote:
> > On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote:
> >> Hi Alain,
> >> I greatly appreciate your time in confirming this. In response, I did
> >> some additional research and understand that it is a true positive since
> >> the file runs a test for that exact condition. Would white-listing it
> >> using a file signature hash be a valid measure, or would that be a bad idea?
> >> This is the first time I've encountered a true positive on a file I
> >> would normally keep and want to make sure I handle it appropriately.
> > Why would you do this in the first place? You are unquestionably
> > guaranteeing a True-Positive to get through. That could be exploited...
> > or not.
> >
> > Just make sure you realize what you are doing, not having blinders on.
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
--
greg folkert - systems administration and support
web: donor.com
email: greg at donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"It is quality rather than quantity that matters."
-- Lucius Annaeus Seneca