[clamav-users] excluding a URL from "heueristics" scanning
joe a
joea-lists at j4computers.com
Fri Aug 12 16:17:32 UTC 2022
On 8/12/2022 8:48 AM, joe a wrote:
> On 8/12/2022 4:28 AM, G.W. Haywood via clamav-users wrote:
>> Hi there,
>>
>> On Thu, 11 Aug 2022, joe a wrote:
>>
>>> [...] I post the contents of an obfuscated "[...]gud-uns.wdb".
>>> [...]
>>> Is it known behavior? An anomaly of my formatting? A bug?
>>
>> I have no idea. I don't have time to mess about with obfuscated
>> information.
>>
>
> What's the difference?
>
> All that has been done is letters in the actual URL's were replaced with
> other letters. I don't think regex cares as long as they are "not
> special" to regex.
>
>
I am certainly not trying to be difficult or simply obstinate, I simply
do not understand the issue with obfuscation.
Perhaps your concern is related to the non obfuscated URLs being
required to match an existing "bad" URL and cause some
trigger/interaction with clamd or clamscan in some way that is not
obvious to someone at my level of knowledge?
If so, I would be happy to provide the non obfuscated version off list
or in some other way, as previously indicated.
More information about the clamav-users
mailing list