Add HowTo whitelist signature / get info about signatur.

DOC/clamav/README.get-signature-info

@@ -0,0 +1,22 @@
+# ----------
+# Get signature info (decode signatur)
+# ----------
+
+# - See also: https://lists.gt.net/clamav/users/73547
+
+# - If yoe see something like
+# -
+# -    May 15 15:49:56 mx amavis[19815]: (19815-17) Blocked INFECTED (MBL_27966083.UNOFFICIAL)
+# -
+# - you can get some infos about the blockin signatur (MBL_27966083.UNOFFICIAL)
+# - using clamav's 'sigtool' (ommit '.UNOFFICIAL' if present:
+# -
+sigtool --find-sigs MBL_27966083 |  sigtool --decode-sigs
+sigtool --find-sigs=MBL_27966083 |  sigtool --decode-sigs
+
+# - Output of that command is:
+# -
+VIRUS NAME: MBL_27966083
+DECODED SIGNATURE:
+https://docs.google.com
+

DOC/clamav/README.signature.whitelist

@@ -0,0 +1,130 @@
+# ==========
+# Whitelist (clamav) signature
+# ==========
+
+# - See also: https://lists.gt.net/clamav/users/73547
+
+# ----------
+# Why whithelisting signatures ?
+# ----------
+
+# - Sometimes, Clamav and third party signatures generate some false positives. 
+# - It means a non-harmfull file is detected as malware.
+# -
+# -To correct this problem, you have to whitelist the signature.
+
+
+# ----------
+# How to whitelist a signature ?
+# ----------
+
+# - You need to create a .ign2 file in the database directory of Clamav 
+# - (usually /var/lib/clamav). In this file, you just have to write the 
+# - name of the offending signature. 
+# -
+# - Here is an example :
+
+
+# ---
+# - Whitelisting a signature from Clamav Official
+# ---
+
+# - The file '/tmp/file.ext' is detected as a malware
+# -
+clamscan -i /tmp/file.ext
+
+# - Output of that commnd:
+# -
+/tmp/file.ext: CVE_2012_0773-2 FOUND
+
+----------- SCAN SUMMARY -----------
+Known viruses: 7634245
+Engine version: 0.99.2
+Scanned directories: 0
+Scanned files: 1
+Infected files: 1
+Data scanned: 0.78 MB
+Data read: 0.28 MB (ratio 2.80:1)
+Time: 0.096 sec (0 m 0 s)
+
+
+# - Create/Update the whitelist file '/var/lib/clamav/my_whitelist.ign2'
+# -
+echo "CVE_2012_0773-2" >> /var/lib/clamav/my_whitelist.ign2
+
+# - If using clamav daemon, retsrat it
+# -
+# - Restart Clamav
+/etc/init.d/clamav-daemon restart
+
+
+# - Test again to verify the whitelist
+clamscan -i /tmp/file.ext
+
+----------- SCAN SUMMARY -----------
+Known viruses: 7634245
+Engine version: 0.99.2
+Scanned directories: 0
+Scanned files: 1
+Infected files: 0
+Data scanned: 0.78 MB
+Data read: 0.28 MB (ratio 2.80:1)
+Time: 0.096 sec (0 m 0 s)
+
+# - The file is no longer considered malware.
+
+
+# ---
+# Whitelisting a signature from third party signatures (clamav-unofficial-sigs)
+# ---
+
+# - The file '/var/QUARANTINE/virus/virus-2afmbqnVgQAn' is detected as a malware
+#- 
+# - Test it with:
+# - 
+clamscan -i /var/QUARANTINE/virus/virus-2afmbqnVgQAn
+
+# - Output of that commnd:
+# -
+/var/QUARANTINE/virus/virus-2afmbqnVgQAn: MBL_27966083.UNOFFICIAL FOUND
+
+----------- SCAN SUMMARY -----------
+Known viruses: 6906592
+Engine version: 0.100.3
+Scanned directories: 0
+Scanned files: 1
+Infected files: 1
+Data scanned: 0.00 MB
+Data read: 0.01 MB (ratio 0.33:1)
+Time: 76.506 sec (1 m 16 s)
+
+# - Create/Update  of the whitelist file '/var/lib/clamav/my_whitelist.ign2'
+# - without the .UNOFFICIAL suffix
+# -
+echo "MBL_27966083" >> /var/lib/clamav/my_whitelist.ign2
+
+# - If using clamav daemon, retsrat it
+# -
+# - Restart Clamav
+/etc/init.d/clamav-daemon restart
+
+
+# - Test again to verify the whitelist
+# -
+clamscan -i /var/QUARANTINE/virus/virus-2afmbqnVgQAn
+
+# - Output is now:
+# -
+
+----------- SCAN SUMMARY -----------
+Known viruses: 6906591
+Engine version: 0.100.3
+Scanned directories: 0
+Scanned files: 1
+Infected files: 0
+Data scanned: 0.02 MB
+Data read: 0.01 MB (ratio 2.00:1)
+Time: 73.752 sec (1 m 13 s)
+
+# - The file is no longer considered malware. 
+