[clamav-users] Whitelist Zip.Suspect.MiscDoubleExtension
Alain Zidouemba
azidouemba at sourcefire.com
Thu Sep 25 15:52:15 UTC 2014
https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf
"To whitelist a specific signature from the database you just add its name
into a local file called local.ign2 stored inside the database directory."
- Alain
On Thu, Sep 25, 2014 at 11:31 AM, Tim Edwards <tim.edwards at scorm.com> wrote:
> The recent addition of Zip.Suspect.MiscDoubleExtension signatures has been
> causing a lot of trouble for us, as it keeps getting flagged for completely
> innocuous files such as foo_handle_pdf.js.
>
> I've been adding each signature to our whitelist, such
> as Zip.Suspect.MiscDoubleExtension-1, Zip.Suspect.MiscDoubleExtension-2,
> etc. Is there a simple way to whitelist Zip.Suspect.MiscDoubleExtension-*
> ? I tried using a regex in the whitelist file to no avail.
>
>
> Thanks,
> Tim
>
> --
> Tim
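The per-signature workflow discussed in this thread can be scripted. The following is an added example, not code from either poster or from the ClamAV project: it pulls every detected member of one signature family out of clamscan-style output and merges the exact names into an ignore file. The function names, sample paths, and the `Constructed.Other.Sample-9` signature are made up for illustration.

```shell
#!/bin/sh
# Added example: collect the members of one signature family that have
# actually fired and merge their exact names into an ignore list.

# extract_family_sigs PREFIX < scan-log
# Prints the unique detected signature names that start with PREFIX.
extract_family_sigs() {
    prefix=$1
    # clamscan reports a detection as "<path>: <SignatureName> FOUND".
    # The greedy ".*: " anchors on the last ": ", so colons in paths are fine.
    sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' |
        awk -v p="$prefix" 'index($0, p) == 1' |
        sort -u
}

# merge_ign2 IGN_FILE < names
# Appends names not already listed (exact whole-line match) and prints
# how many entries were added.
merge_ign2() {
    ign=$1
    added=0
    [ -f "$ign" ] || : > "$ign"
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if ! grep -Fxq -- "$name" "$ign"; then
            printf '%s\n' "$name" >> "$ign"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Constructed sample log (paths and the last signature name are invented).
sample_log() {
cat <<'EOF'
/srv/up/a.zip: Zip.Suspect.MiscDoubleExtension-1 FOUND
/srv/up/b.zip: Zip.Suspect.MiscDoubleExtension-2 FOUND
/srv/up/c:d.zip: Zip.Suspect.MiscDoubleExtension-1 FOUND
/srv/up/e.exe: Constructed.Other.Sample-9 FOUND
/srv/up/f.txt: OK
EOF
}

# Stand-alone run: list the family members seen in the sample log.
sample_log | extract_family_sigs 'Zip.Suspect.MiscDoubleExtension-'
```

Point `merge_ign2` at `local.ign2` in the database directory, one signature name per line. Only family members that have already fired are captured, and every ignored name also suppresses genuine hits for that signature, so review the list before merging.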