[clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

Robert Kudyba rkudyba at fordham.edu
Thu Apr 29 14:23:23 UTC 2021


>
> >  next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/;
> >  next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
> >
> >  You could do better with a regex, see the excellent Perl documentation.
> >
> > So what's the syntax to use || (or) with this? Something like this?
> >
> > next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/ ||
> >         /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;
>
> I would make it simpler:
>
> next if /^MBL_\d+:0:\*:123.../;
> next if /^MBL_\d+:0:\*:abc.../;
> next if /^MBL_\d+:0:\*:097.../;
>
> That way you can comment on each individual line what it codes for, and
> if you need to remove one test, you only need to comment out the
> corresponding line without messing up the regex or the condition.
>
> This script is only run once each time you update the ClamAV unofficial
> signatures and each test is run once per line, so it does not make much
> sense to try to optimize the run time of the script.


Excellent, thanks; no error(s) when I just ran it manually. Is there a
sigtool command I can use to check that it worked? I can compare this
against another server on which I have yet to install this.
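
Added example (not part of the thread and not the poster's script): the per-line filter from the quoted reply run over constructed sample signature lines, followed by a check that decodes the hex of every surviving line and flags any allowlisted URL still present. The sample names other than MBL_85256034 and all sample URLs are made up; note that the `$` anchor in the thread's regexes drops only signatures that are exactly the bare prefix, so longer Google Drive URLs stay in the database.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# URL prefixes the thread wants to stop matching on.
my @allow = ('https://drive.google.com', 'https://docs.google.com');

# Constructed sample lines in the Name:TargetType:Offset:HexSignature layout
# the thread's regexes match; only MBL_85256034 is a name from the thread.
my @db = map { join ':', $_->[0], '0', '*', unpack('H*', $_->[1]) } (
    ['MBL_85256034', 'https://drive.google.com'],
    ['MBL_11111111', 'https://docs.google.com'],
    ['MBL_22222222', 'https://drive.google.com/file/d/EXAMPLE'],
    ['MBL_33333333', 'http://blocked.example/path'],
);

# One test per line, as suggested in the thread, each with its own comment.
sub filter_sigs {
    my @kept;
    for (@_) {
        next if /^MBL_\d+:0:\*:68747470733a2f2f64726976652e676f6f676c652e636f6d$/; # https://drive.google.com
        next if /^MBL_\d+:0:\*:68747470733a2f2f646f63732e676f6f676c652e636f6d$/;   # https://docs.google.com
        push @kept, $_;
    }
    return @kept;
}

# Decode each surviving signature and flag any allowlisted URL still present.
my @kept   = filter_sigs(@db);
my $missed = 0;
for my $line (@kept) {
    my ($name, undef, undef, $hex) = split /:/, $line, 4;
    my $url = pack('H*', $hex);          # hex signature back to readable text
    my $hit = grep { $url eq $_ } @allow;
    $missed += $hit;
    printf "%-13s %s%s\n", $name, $url, $hit ? '  <-- still present' : '';
}
printf "%d of %d kept, %d allowlisted entries remaining\n",
    scalar @kept, scalar @db, $missed;
exit($missed ? 1 : 0);
```

On an installed system, `sigtool --find-sigs` with the same MBL regex lists matching signatures from the local database directory, which gives the comparison against the unfiltered server.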