[clamav-users] Possible FP Doc.Trojan.Agent-6923110-0
Brent Clark
brentgclarklist at gmail.com
Wed Apr 10 12:38:38 UTC 2019
To whitelist a specific signature from the database you just add the
signature name into a local file with the .ign2 extension and store it
inside /var/lib/clamav.
i.e. echo 'Doc.Trojan.Agent-6923110-0' >> /var/lib/clamav/whitelist.ign2
HTH
Regards
Brent Clark
On 2019/04/10 13:46, Graeme Fowler via clamav-users wrote:
> Doc.Trojan.Agent-6923110-0 added 5th April (I think).
>
> Detects potentially dodgy VB/VBA/VBScript macros in Excel docs, but we have one user who has a completely genuine spreadsheet which contains several complex database-lookup-related macros which are triggering that sig.
>
> Nothing else has.
>
> Unfortunately I cannot send the file as it contains some fairly sensitive information :(
>
> Graeme
> --
> Graeme Fowler
> Senior IT Services Specialist / LU Postmaster, Systems Infrastructure, IT Services
> Loughborough University
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list