[clamav-users] excluding a URL from "heueristics" scanning
G.W. Haywood
clamav at jubileegroup.co.uk
Thu Aug 11 22:34:39 UTC 2022
Hi there,
On Thu, 11 Aug 2022, joe a wrote:
> I do not understand why, when entering more than one URL, the first line in
> my "exclude" file: "/var/lib/clamav/ImaOK2day.wdb" seems to be able to match
> when entered "in plain text", while subsequent lines seem to want actual
> "regex" notation (escaped "."), with only the domains entered.
>
> At least that is what it seems takes to "run clean" when re-scanned in debug
> mode.
>
> To add do the above, I found a few recent emails containing the URLs in the
> first entry, mentioned above, that were flagged. Those emails passed without
> notice when scanned as above. I removed that first entry, scanned again and
> the email were flagged. I then entered those URL's again, as the first line,
> this time in regex notation ("." escaped, no "http or https"), scanned again,
> and it was not flagged.
Post your .wdb file here?
--
73,
Ged.
More information about the clamav-users
mailing list