[clamav-users] Heuristics.Filetype.ZipWithJS
Reindl Harald
h.reindl at thelounge.net
Tue Mar 28 12:23:39 UTC 2017
On 28.03.2017 at 14:20, Matteo Dessalvi wrote:
> Hello.
>
> Regarding your first question you can execute the following
> tools from the command line:
>
> sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs
Heuristics are *not* signatures
> 'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
> of a string used to identify the signature of a possible threat (and
> signature archives are distributed separately from ClamAV).
Heuristics are *not* signatures
> Regarding your second question: you can create a whitelist
> file which contains all the signatures that ClamAV should ignore.
>
> Ref:
> https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature
Heuristics are *not* signatures
stop spreading wrong information - you *cannot* put heuristics in .ign2
files, well you can, but it won't work
> Usually this whitelist file should reside in the same directory
> where ClamAV has installed the signature archives (on most
> Linux installations it is by default under /var/lib/clamav).
Heuristics are *not* signatures
> On 03/28/2017 01:53 PM, Jonas Manusch wrote:
>> Cheers folks,
>>
>> since last weekend my clamscan states
>>
>> Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
>>
>> on some files. These files are from 2015 and I assume it to be false
>> positive. Since these files contain sensitive data I cannot hand them out
>> to third parties. I tried to find out what the above means, but only
>> found very little information that was not really helpful. Also tried
>> to find 'ZipWithJS' in ClamAV source code, but without success. So I
>> got here with a couple of questions:
>>
>> 1. Where can I find information about what kind of threat this is?
>> 2. How could I disable only this one type?