[clamav-users] How do you add specific files to white list ?

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Aug 20 16:40:24 EDT 2019


Hi Asok,

I’m extremely curious about the `--memory` you’re using with clamscan.  I’m under the impression that is a feature added in some versions of ClamWin – but as far as I know, ClamWin hasn’t had a release 0.99.4.  If I may ask, where did you get this version of ClamAV?

Regards,
Micah

From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Asok Kumar via clamav-users <clamav-users at lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Tuesday, August 20, 2019 at 12:53 PM
To: "clamav-users at lists.clamav.net" <clamav-users at lists.clamav.net>
Cc: Asok Kumar <mbaiter2 at gmail.com>
Subject: [clamav-users] How do you add specific files to white list ?

i am using ClamAV version 0.101.3 and using the parameters below and Heuristics.Limits.Exceeded FOUND because i have enabled it in scanning. how do i add specific files to the whitelist ?

Please see below to get an idea of what i am talking about.
i want to whitelist opera_browser.dll and Skype.exe


X:\ClamAV>clamscan --memory --bell -i --detect-pua=yes --include-pua=Packed,PwTo
ol,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script --database=.\Data  --tempdir=%TEMP
% --recursive=yes --allmatch=yes --bytecode=yes --bytecode-unsigned=yes --detect
-pua=yes --detect-structured=yes --scan-mail=yes --phishing-sigs=yes --phishing-
scan-urls=yes --heuristic-alerts=yes --heuristic-scan-precedence=no --normalize=
yes --scan-pe=yes --scan-elf=yes --scan-ole2=yes --scan-pdf=yes --scan-swf=yes -
-scan-html=yes --scan-xmldocs=yes --scan-hwp3=yes --scan-archive=yes --alert-bro
ken=yes --alert-encrypted=yes --alert-encrypted-archive=yes --alert-encrypted-do
c=yes --alert-macros=yes --alert-exceeds-max=yes --alert-phishing-ssl=yes --aler
t-phishing-cloak=yes --alert-partition-intersection=yes
Loading virus signature database, please wait... done
 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***

X:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe: Heuristics.Limits.
Exceeded FOUND
X:\Users\XXXXXXXXXX\AppData\Local\Programs\Opera\55.0.2994.59\opera_browser.dll:
Heuristics.Limits.Exceeded FOUND
X:\Program Files\Mozilla Firefox\xul.dll: Heuristics.Limits.Exceeded FOUND
X:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll: Heuristics.Limits.Exc
eeded FOUND

 *** Scanned 117 processes - 1070 modules ***
 *** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 10440489
Engine version: 0.101.3
Scanned directories: 0
Scanned files: 1187
Infected files: 4
Data scanned: 1105.43 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 1491.685 sec (24 m 51 s)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190820/51d3f1b3/attachment.html>


More information about the clamav-users mailing list