[clamav-users] Rogue definition Pdf.Exploit.CVE_2018_12798-6633682-0 causing a LOT of FP's
Groach
groachmail-stopspammingme at yahoo.com
Fri Aug 17 07:00:19 UTC 2018
Thanks for the info.
It seems the Maillist takes 2 days or more for my postings to be
actioned and appear for reply; I have since updated the thread twice
since that last post saying that I had since found the info in FAQs and
that it seems that the signature has already been dropped (FP's no
longer appearing under this definition (I still have the files and I
havent whitelisted). You might want to remove your whitelist entry in
case it now is able to catch genuine threats.
On 15/08/2018 08:06, Groach wrote:
>
>
> On 15/08/2018 08:00, Groach wrote:
>> Could you detail how to whitelist the offending rule please? (I fear
>> it will be some time, or never, before this rule gets rectified
>> officially).
>>
>
> Dont matter. I found the method in the FAQs but its not necessary.
> It seems the signatures has been dropped. I didnt get the FPs after
> last night.
>
>
>
>>
>> On 14/08/2018 22:40, lukn wrote:
>>> Same here. I agree this rule is causing too many FPs to remain active.
>>> Therefore I ended up whitelisting this rule.
>>>
>>>
>>>> I now only run in report mode and not delete mode
>>> I don't understand the whish to leave the decision of data destruction
>>> to a third party software. My system should follow my rules... and those
>>> never include arbitrary data deletion as this can only end in tears.
>>> Running any antivirus in delete mode is like playing Russian roulette.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180817/a261db1d/attachment.htm>
More information about the clamav-users
mailing list