[clamav-users] malware Html.Exploit.CVE_2015_0045
Dennis Peterson
dennispe at inetnw.com
Fri May 29 15:31:13 UTC 2015
On 5/29/15 4:20 AM, Paul Martin wrote:
> Hello,
>
> I have many false positive when clamav detects "malware
> Html.Exploit.CVE_2015_0045",
> what can I do to stop these false positive ?
>
> Thanks, Paul
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
You can create a whitelist file for signatures. In your case the file would
contain only
Html.Exploit.CVE_2015_0045
The file name can be anything you wish so long as the extension is .ign2.
Create a text file with the the name whitelist.ign2
Add the signature(s) you wish clamav to ignore, each on a separate line
Copy the file to your ClamAV signature directory, change the
permissions/ownership to allow ClamAV to read the file.
It is bad practice to edit a live file that is already in the signature
directory. Make your changes to any signature files in a safe directory.
Submit the FP to the ClamAV signature team unless you have reason to believe the
FP is local to certain files that are unique to your system.
dp
More information about the clamav-users
mailing list