[clamav-users] FP in structured SSN
Wagde Zabit
wagde.zabit at gmail.com
Sat Sep 28 23:18:10 UTC 2019
I keep getting false positives on SSN in a log file full of IP addresses.
For some reason clamav detect the 172-31-19-5 as a SSN although it’s not (AAA-GG-SSSS)
./bin/clamdscan ~/ssn.txt
/home/ubuntu/ssn.txt: Heuristics.Structured.SSN FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.000 sec (0 m 0 s)
cat ~/ssn.txt
172-31-19-5
172-31-19-5
172-31-19-5
172-31-19-5
172-31-19-5
./bin/clamdscan --version
ClamAV 0.101.2/25579/Sat Sep 21 08:23:44 2019
Is there a way to change the exisintg SSN signature?
Is there a way to write a new signature like: ^((?!000)(?!666)\d{3})([ -])?((?!00)\d{2})([ -])?((?!0000)\d{4})$ to get better results?
Thanx
Wagde
More information about the clamav-users
mailing list