[clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links
Olivier
Olivier.Nicole at cs.ait.ac.th
Thu Apr 29 12:34:47 UTC 2021
Robert Kudyba <rkudyba at fordham.edu> writes:
> [1:text/plain Show]
>
>
> [2:text/html Hide Save:noname (3kB)]
>
> How would you make this work for docs.google.com as well?
>
> the following regex corresponds to https://drive.google.com
> next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
If I remember correctly (I am at home and I have nothing to check), the
URL is encoded in base64 so it should be:
68747470733a2f2f646f637s2e676f6f676c652e636f6d
But you better double check :)
Olivier
>
> On Thu, Apr 29, 2021, 12:25 AM Olivier <Olivier.Nicole at cs.ait.ac.th> wrote:
>
> Robert,
>
> In the configuration file user.conf for ClamAV-unofficial-sig, I set the
> following variable:
>
> clamd_reload_opt="/usr/local/bin/clamav-unofficial-sigs-post.pl"
>
> And the script is attached below.
>
> Best regards,
>
> Olivier
>
> --
>
--
More information about the clamav-users
mailing list