[clamav-users] False positive for sure
Douglas Goddard
dgoddard at sourcefire.com
Wed Sep 3 14:44:21 UTC 2014
We're working on some signatures for our users who run ClamAV on their mail
servers. We'll be tweaking them over the next few weeks to minimize false
positives, but with loose signatures like this, it is difficult to
eliminate them completely.
If you're not concerned about double extension files in zips, or suspicious
file names (e.g. INVOICE_01.exe), then it would be best that you whitelist
any signatures that cause you problems. In the meantime, we appreciate the
feedback as these signatures will need some modification.
Thank you,
Douglas
On Wed, Sep 3, 2014 at 8:02 AM, Steve Basford <
steveb_clamav at sanesecurity.com> wrote:
>
> On Wed, September 3, 2014 12:54 pm, Gene Heskett wrote:
> >>
> >> "--detect-pua" switch for clamscan or disable it in the clamd.conf file.
> >>
> >
> > Which one? I have 3 of them. This is an old Ubuntu 10.04 LTS install.
> > Also it's reported as version 98.1.
>
> If you are using clamscan then I guess you've got a script somewhere,
> calling clamscan, you need to add: --detect-pua=no
>
> If it's clamdscan you are using then edit the clamd.conf file... and
> restart clamd...
>
> # Detect Possibly Unwanted Applications.
> # Default: no
> DetectPUA No
>
> Cheers,
>
> Steve
> Sanesecurity.com
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>