[clamav-users] ignore yara rule

Arnaud Jacques webmaster at securiteinfo.com
Tue Apr 12 17:01:02 UTC 2022


Hello Dino,

echo -n "invalid_trailer_structure" >>local.ign2
should do the job.


On 12/04/2022 at 18:58, Dino Edwards via clamav-users wrote:
> Hi,
> 
> Using clamav-unofficial-signatures and I’m trying to ignore a yara rule 
> due to many FPs. The blocked message refers to the 
> YARA.invalid_trailer_structure.UNOFFICIAL as the offending signature. 
> However, entering any of the following in local.ign2 file, clamav ignores it 
> and keeps blocking:
> 
> *YARA.invalid_trailer_structure*
> 
> Any idea what I’m doing wrong here?
> 
> thanks

-- 
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Phone: +33-(0)3.60.47.09.81
E-mail: aj at securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL
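
The following is an added example, not part of the original message or of ClamAV: a small shell helper that turns the detection name reported in the thread into the bare entry given in the reply and appends it to local.ign2 only once. The function names `ign2_name` and `add_ignore` are hypothetical, and it assumes the ignore file holds one entry per line.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes one ignore entry per line.

# ign2_name DETECTION
# Reduce a reported name such as YARA.invalid_trailer_structure.UNOFFICIAL
# to the bare entry used in the reply above (invalid_trailer_structure).
ign2_name() {
    name=$1
    name=${name%.UNOFFICIAL}          # suffix added to third-party signatures
    case $name in
        YARA.*) name=${name#YARA.} ;; # prefix added to YARA rule matches
    esac
    printf '%s\n' "$name"
}

# add_ignore FILE DETECTION
# Append the entry to FILE unless an identical line is already there.
add_ignore() {
    file=$1
    entry=$(ign2_name "$2")
    [ -n "$entry" ] || return 1

    # Exact, whole-line, fixed-string match: no regex surprises from dots.
    if [ -f "$file" ] && grep -qxF -- "$entry" "$file"; then
        return 0
    fi

    # If the last line is unterminated, finish it first so the new entry
    # does not get glued onto the previous one.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >>"$file"
    fi
    printf '%s\n' "$entry" >>"$file"
}

# Demonstration on a constructed temporary file (not a real database dir).
demo_dir=$(mktemp -d)
printf 'Constructed.Existing.Entry' >"$demo_dir/local.ign2"   # no newline
add_ignore "$demo_dir/local.ign2" "YARA.invalid_trailer_structure.UNOFFICIAL"
add_ignore "$demo_dir/local.ign2" "YARA.invalid_trailer_structure.UNOFFICIAL"
cat "$demo_dir/local.ign2"
rm -rf "$demo_dir"
```

clamd has to reload its databases before a new ignore entry takes effect.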

