[clamav-users] Whitelist databases/File whitelist - format?
G.W. Haywood
clamav at jubileegroup.co.uk
Thu May 7 11:27:12 UTC 2020
Hi there,
On Thu, 7 May 2020, Pascal De Meerleer via clamav-users wrote:
> ...
> whitelisting a file themedesigner.war
>
> Creating an md5 signature and writing it to a file with extension .fp
> # sigtool --md5 themedesigner.war
> a264955211fd1fb5dc952430c4ee6674:14824637:themedesigner
> (omitting the last extension, in this case .war)
It is not clear to me from your post exactly what you have done, and I
specifically do not understand your comment
"(omitting the last extension, in this case .war)"
Why would you omit it? Are you expecting to whitelist every file with
a name which begins with "themedesigner"?
Have you tried _not_ omitting the file extension?
> Restarting the clamd scan service
Not necessary, you can signal clamd to reload the databases or just
wait until something else does it (such as freshclam, or any scan).
> Check if whitelisting found using clamd and clamscan
> In both cases virus is still FOUND, not whitelisted
>
> Any idea what's wrong in my thinking or something I'm missing?
Please make your post much clearer. What exactly is the name of the
database file which you created, where in the filesystem did you put
it, and what is the exact content of the database file?
--
73,
Ged.
More information about the clamav-users
mailing list