[clamav-users] Whitelist Zip.Suspect.MiscDoubleExtension
Kris Deugau
kdeugau at vianet.ca
Thu Sep 25 18:10:37 UTC 2014
Tim Edwards wrote:
> The recent addition of Zip.Suspect.MiscDoubleExtension signatures has been
> causing a lot of trouble for us, as it keeps getting flagged for completely
> innocuous files such as foo_handle_pdf.js.
One common thread I've been seeing is that people reporting specific
cases are reporting what I would consider a misfire for a "doubled
extension"; that filename above only has one extension (.js) in my view.
I would suggest updating this upstream to more narrowly target actual
doubled extensions.
I'm a little surprised I haven't see an FP locally.
-kgd
More information about the clamav-users
mailing list