[clamav-users] Whitelisting issue
Curtis Vaughan
cavaughan at gmail.com
Tue Nov 28 00:24:31 UTC 2017
Using clamav on an Ubuntu Server postfix system. We have an issue where
so far just Excel (xlxs) files are getting false flagged as having the
following virus:
250 2.7.0 Ok, discarded, id=14037-01 - INFECTED:
Emf.Exploit.CVE_2017_16395-6376329-0
Virus scanner output:
p003: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND
p005: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND
Having searched up information I found it's probably easiest just to
whitelist this signature. However, whatever I do doesn't seem to work.
I have added CVE_2017_16395-6376329-0
to a file at /var/lib/clamav/whitelist.ign2 as well as to
whitelist-signatures.ign2 since there are references out on the
internet to name the file one way or the other. Since it wasn't
working, I changed user and group to clamav on these files. I also
reloaded clamav-daemon. But still the files are quarantined as infected.
Any other clues?
Thanks!
More information about the clamav-users
mailing list