[clamav-users] clamscan --exclude=REGEX
Steve Basford
steveb_clamav at sanesecurity.com
Thu Apr 16 14:18:40 UTC 2015
On Thu, April 16, 2015 2:50 pm, sanes wrote:
> The following exclude does not work (the scan will check the file)
>
>
> clamscan -r --exclude="c:\Windows\System32\mobsync.exe" c:\
>
> Please advise why exclude not working
This works... don't think you can use a path...
C:\clamav>clamscan --exclude="mobsync.exe" c:\windows\system32
c:\windows\system32\mobsync.exe: Excluded
In the mean time, I've getting the FP too here...
c:\windows\system32\mobsync.exe: Win.Trojan.Agent-863936 FOUND
Sha256:
79f5bc1ad13a5575a52d39a000d0873b31865659b5efc66a7fef5e43e54c38b9
md5:
cca67bd391cfc9f036323b2522887a6a
" Trusted source! This file belongs to the Microsoft Corporation software
catalogue. "
https://www.virustotal.com/en/file/79f5bc1ad13a5575a52d39a000d0873b31865659b5efc66a7fef5e43e54c38b9/analysis/1429193646/
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
More information about the clamav-users
mailing list