[clamav-users] KACE false positive
G.W. Haywood
clamav at jubileegroup.co.uk
Fri Jun 11 16:42:37 UTC 2021
Hi there,
On Fri, 11 Jun 2021, Douglas Stinnette wrote:
> It has been over a year since there was a wide false positive across ClamAV.
> "/Library/Application Support/Quest/KACE/bin/klog"
> "Unix.Malware.Macos-9867919-0 FOUND"
>
> I do not recall how to address this. Any suggestions would be great.
Additionally, in the interim before the false positive is addressed by
the ClamAV team and the databases are updated, you can create a file
in your local ClamAV database directory which contains the MD5 hash of
the file which is being incorrectly flagged.
https://docs.clamav.net/manual/Signatures/AllowLists.html
Do make sure that it _is_ a false positive before you do that. :)
--
73,
Ged.
More information about the clamav-users
mailing list