[clamav-users] Interesting report from clamscan after adding new database
Steve Basford
steveb_clamav at sanesecurity.com
Thu Oct 15 15:22:21 UTC 2015
On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote:
> Greetings everybody;
>
>
> I added a new, not quite official database to my clamav checker, and this
> morning it's fussing about several files I have on my web page:
> /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/Genes-os9-stf/print4dw.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4beta-3.9.72.zip:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4_beta1.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
>
>
> I firmly believe that these are false positives since the 2nd one at
> least, was generated on this linux machine.
Gene,
Lightbulb moment...
I take it the database you used was the version posted by Rajesh on the
mailing list, ***which was modified for Rajesh***... in which case...
that's why you are getting FPs.
In short, as I said on the list earlier, it won't suit everybody.
You should be using:
foxhole_filename.cdb
foxhole_generic.cdb
or to block most windows items:
foxhole_all.cdb
http://sanesecurity.co.uk/foxhole-databases/
The above files are available on the Sanesecurity mirrors.
Again, if you want to discuss, let's move to the right mailing list,
hopefully that clears that up :)
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com