[clamav-users] ClamAV sends lots of False Positives : Heuristics.Structured.CreditCardNumber FOUND
Dennis Peterson
dennispe at inetnw.com
Wed Oct 28 06:37:59 UTC 2015
Certainly - start multiple processes that look at a specific area of storage but
with appropriate arguments for the target area. You can run clamscan processes
concurrently or serially, depending on your physical resources. There is no way
to change the arguments to clamscan once the process is running. You need
multiple instances that are targeted to your need.
dp
On 10/27/15 11:31 PM, Zeal Vora wrote:
> Thanks Dennis.
>
> So if I want to scan the whole system for malware etc. and only 1
> particular folder for CC information, is there any way I can do that?
>
>
>
> On Wed, Oct 28, 2015 at 4:44 AM, Dennis Peterson <dennispe at inetnw.com>
> wrote:
>
>> Yes - of course it can.
>>
>> clamscan --help |egrep "include|exclude"
>>
>> dp
>>
>>
>> On 10/27/15 12:23 AM, Zeal Vora wrote:
>>
>>> Hi
>>>
>>>
>>> We have ClamAV on servers and it sends a lot of false positives related
>>> to: Heuristics.Structured.CreditCardNumber FOUND
>>>
>>> Almost 99% of the alerts are the same.
>>>
>>> Can we have ClamAV look for CreditCardNumber only in certain
>>> directories instead of the whole file system? How can we do that?
>>>
>>> Our current ClamAV scan is:
>>>
>>> clamscan \
>>> --quiet \
>>> --stdout \
>>> --infected \
>>> --suppress-ok-results \
>>> --official-db-only=yes \
>>> --log=$LOGFILE \
>>> --recursive \
>>> --cross-fs=yes \
>>> --follow-dir-symlinks=0 \
>>> --follow-file-symlinks=0 \
>>> --remove=no \
>>> --exclude-dir=/dev \
>>> --exclude-dir=/sys \
>>> --detect-structured=yes \
>>> --scan-mail=yes \
>>> --phishing-sigs=yes \
>>> --phishing-scan-urls=yes \
>>> --heuristic-scan-precedence=yes \
>>> --algorithmic-detection=yes \
>>> --scan-pe=no \
>>> --scan-elf=yes \
>>> --scan-ole2=no \
>>> / \
>>> > $REPORTFILE 2>&1
>>>
>>>
>>>
>>> Any help will be appreciated.
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
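
The two-instance approach from the reply above, as an added example that is not part of the original thread: one clamscan pass over the whole filesystem with the structured-data heuristic off, and a second pass over a single directory with it on. `CC_DIR`, `LOG_DIR` and the function names are assumptions; the options are a subset of the command quoted in the thread.

```shell
#!/bin/sh
# Added example. CC_DIR and LOG_DIR are assumed placeholders; adjust to the host.
CC_DIR="${CC_DIR:-/srv/payments}"       # assumed: only tree checked for card numbers
LOG_DIR="${LOG_DIR:-/var/log/clamav}"   # assumed: existing, writable log directory

# Options shared by both passes, one argument per line.
common_args() {
    printf '%s\n' --infected --recursive --stdout \
        --exclude-dir=/dev --exclude-dir=/sys
}

# Pass 1: whole filesystem, signature scan only, CreditCardNumber heuristic off.
malware_args() {
    common_args
    printf '%s\n' --detect-structured=no "--log=$LOG_DIR/malware.log" /
}

# Pass 2: one directory, structured-data heuristic on.
cc_args() {
    common_args
    printf '%s\n' --detect-structured=yes "--log=$LOG_DIR/cc.log" "$CC_DIR"
}

# Turn the newline-separated argument list into "$@" and start clamscan.
run_pass() {
    old_ifs=$IFS
    IFS='
'
    set -f                      # no globbing while splitting
    set -- $("$1")
    set +f
    IFS=$old_ifs
    clamscan "$@"
}

# Run both passes concurrently; return the worse clamscan exit status
# (0 = clean, 1 = something found, 2 = error).
run_scans() {
    run_pass malware_args & p1=$!
    run_pass cc_args & p2=$!
    wait "$p1"; s1=$?
    wait "$p2"; s2=$?
    if [ "$s1" -gt "$s2" ]; then return "$s1"; fi
    return "$s2"
}

# Only scan when asked to, so the file can be sourced to inspect the arguments.
if [ "${1:-}" = "--run" ]; then run_scans; fi
```

Because the options are fixed when each process starts, the CreditCardNumber alerts can only come from the second pass and land in its own log.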