[clamav-users] Heuristics.Filetype.ZipWithJS

Matteo Dessalvi m.dessalvi at gsi.de
Tue Mar 28 12:20:52 UTC 2017


Hello.

Regarding your first question you can execute the following
tools from the command line:

sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs

'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the signature of a possible threat (and
signature archives are distributed separately from ClamAV).

Regarding your second question: you can create a whitelist
file which contains all the signatures that ClamAV should ignore.

Ref: 
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

Usually this whitelist file should reside in the same directory
where ClamAV has installed the signature archives (on most
Linux installations it is by default under /var/lib/clamav).

Regards,
    Matteo

On 03/28/2017 01:53 PM, Jonas Manusch wrote:
> Cheers folks,
>
> since last weekend my clamscan states
>
> Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
>
> on some files. These files are from 2015 and I assume it to be a false 
> positive. Since these files contain sensitive data I cannot hand them out 
> to third parties. I tried to find out what the above means, but only 
> found very little information that was not really helpful. Also tried 
> to find 'ZipWithJS' in ClamAV source code, but without success. So I 
> got here with a couple of questions:
>
> 1. Where can I find information about what kind of threat this is?
> 2. How could I disable only this one type?
>
> Thanks.
>
> Jonas

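Added example, not part of the original message or of ClamAV itself: a small shell function that puts a signature name on the ignore list described in the reply above, without creating duplicates. ClamAV reads ignore lists from files ending in .ign2 in its database directory, one signature name per line; the file name local.ign2, the function name ignore_sig and the character allow-list are choices made for this example.

```shell
#!/bin/sh
# Added example: idempotently add one signature name to a ClamAV ignore list.
# Usage: ignore_sig NAME [DBDIR]
# DBDIR defaults to /var/lib/clamav, the usual Linux location named above.

ignore_sig() {
    sig=$1
    dbdir=${2:-/var/lib/clamav}
    ignfile=$dbdir/local.ign2      # file name chosen for this example

    # Conservative allow-list (an assumption of this example): letters,
    # digits, dot, underscore and hyphen. Rejects empty names, whitespace
    # and anything that could smuggle extra lines into the file.
    case $sig in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid signature name: $sig" >&2
            return 2 ;;
    esac

    [ -d "$dbdir" ] || { echo "no database directory: $dbdir" >&2; return 3; }

    # Already listed? Match the whole line literally, so that a name which
    # is only a prefix of another entry does not count as present.
    if [ -f "$ignfile" ] && grep -qxF -e "$sig" "$ignfile"; then
        return 0
    fi

    # If the existing file lacks a trailing newline, add one first so the
    # new name does not get glued onto the previous entry.
    if [ -s "$ignfile" ] && [ -n "$(tail -c 1 "$ignfile")" ]; then
        printf '\n' >> "$ignfile"
    fi

    printf '%s\n' "$sig" >> "$ignfile" || return 1

    # The scanner may run as a different user and must be able to read it.
    chmod 644 "$ignfile"
}
```

Called as `ignore_sig Heuristics.Filetype.ZipWithJS-6162396-0`, it suppresses only that one signature. clamscan loads the databases on every run, while a running clamd has to reload them before the change takes effect.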