mailsystem/DOC/clamav
2022-09-15 01:20:07 +02:00
README.signature.whitelist README.signature.whitelist: adjust README. 2019-05-15 18:17:03 +02:00

# ==========
# Whitelist (clamav) signature
# ==========

# - See also: https://lists.gt.net/clamav/users/73547

# ----------
# Why whitelist signatures ?
# ----------

# - Sometimes, ClamAV and third-party signatures generate false positives:
# - a harmless file is detected as malware.
# -
# - To correct this problem, you have to whitelist the signature.


# ----------
# How to whitelist a signature ?
# ----------

# - You need to create a .ign2 file in the ClamAV database directory
# - (usually /var/lib/clamav). In this file, you just have to write the
# - name of the offending signature.
# -
# - Here is an example:


# ---
# Whitelisting a signature from the official ClamAV signatures
# ---

# - The file '/tmp/file.ext' is detected as malware
# -
clamscan -i /tmp/file.ext

# - Output of that command:
# -
/tmp/file.ext: CVE_2012_0773-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 7634245
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.78 MB
Data read: 0.28 MB (ratio 2.80:1)
Time: 0.096 sec (0 m 0 s)


# - Create/Update the whitelist file '/var/lib/clamav/my_whitelist.ign2'
# -
echo "CVE_2012_0773-2" >> /var/lib/clamav/my_whitelist.ign2

# - If using the ClamAV daemon, restart it
# -
/etc/init.d/clamav-daemon restart


# - Test again to verify the whitelist
clamscan -i /tmp/file.ext

----------- SCAN SUMMARY -----------
Known viruses: 7634245
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.78 MB
Data read: 0.28 MB (ratio 2.80:1)
Time: 0.096 sec (0 m 0 s)

# - The file is no longer considered malware.


# ---
# Whitelisting a signature from third party signatures (clamav-unofficial-sigs)
# ---

# - The file '/var/QUARANTINE/virus/virus-2afmbqnVgQAn' is detected as malware
# -
# - Test it with:
# -
clamscan -i /var/QUARANTINE/virus/virus-2afmbqnVgQAn

# - Output of that command:
# -
/var/QUARANTINE/virus/virus-2afmbqnVgQAn: MBL_27966083.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6906592
Engine version: 0.100.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.01 MB (ratio 0.33:1)
Time: 76.506 sec (1 m 16 s)

# - Create/Update the whitelist file '/var/lib/clamav/my_whitelist.ign2'
# - with the signature name, without the .UNOFFICIAL suffix
# -
echo "MBL_27966083" >> /var/lib/clamav/my_whitelist.ign2

# - If file was created:
# -
chown clamav:clamav /var/lib/clamav/my_whitelist.ign2

# - If using the ClamAV daemon, restart it
# -
/etc/init.d/clamav-daemon restart


# - Test again to verify the whitelist
# -
clamscan -i /var/QUARANTINE/virus/virus-2afmbqnVgQAn

# - Output is now:
# -

----------- SCAN SUMMARY -----------
Known viruses: 6906591
Engine version: 0.100.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 2.00:1)
Time: 73.752 sec (1 m 13 s)

# - The file is no longer considered malware.
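
# - Added example (not part of the original README): a POSIX shell helper that
# - reads clamscan output, strips the .UNOFFICIAL suffix and appends each
# - reported signature name to an .ign2 file only once. The function names are
# - hypothetical and the sample lines are constructed from the outputs above.

```shell
#!/bin/sh
# Added example, not part of the original README. Function names are
# hypothetical; the sample lines are constructed from the outputs above.

# Print the signature name from a clamscan result line
#   <path>: <signature> FOUND
# without the .UNOFFICIAL suffix. Returns 1 for any other line.
sig_from_scan_line() {
    line=$1
    case $line in
        *": "*" FOUND") ;;
        *) return 1 ;;
    esac
    sig=${line##*: }        # keep what follows the last ": "
    sig=${sig% FOUND}       # drop the status word
    sig=${sig%.UNOFFICIAL}  # third-party names are listed without it
    case $sig in
        ''|*[[:space:]]*) return 1 ;;   # reject empty or malformed names
    esac
    printf '%s\n' "$sig"
}

# Append a name to the .ign2 file unless it is already listed.
whitelist_add() {
    # -x whole line, -F fixed string: the dots in names are not regex wildcards
    if [ -f "$1" ] && grep -qxF -- "$2" "$1"; then
        return 0
    fi
    printf '%s\n' "$2" >> "$1"
}

# Read clamscan output on stdin; whitelist every signature it reports.
whitelist_from_scan() {
    while IFS= read -r line; do
        sig=$(sig_from_scan_line "$line") || continue
        whitelist_add "$1" "$sig"
    done
}

# Constructed sample input: both result lines from this README and one summary line.
sample='/tmp/file.ext: CVE_2012_0773-2 FOUND
/var/QUARANTINE/virus/virus-2afmbqnVgQAn: MBL_27966083.UNOFFICIAL FOUND
Infected files: 1'

tmp=$(mktemp)                       # stand-in for /var/lib/clamav/my_whitelist.ign2
printf '%s\n' "$sample" | whitelist_from_scan "$tmp"
printf '%s\n' "$sample" | whitelist_from_scan "$tmp"   # second run adds nothing
cat "$tmp"
rm -f "$tmp"
```

# - An entry in the .ign2 file disables that signature for every scanned file,
# - so add only names confirmed as false positives. Ownership of the file and
# - the daemon restart are handled as in the steps above.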