I found a problem with a false positive, malware CRDF.Malware-Generic.3661413036.UNOFFICIAL. I wanted to decode and bypass this signature, but it looks like this can be an image signature or another type of signature:
Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or
a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL'
in the signature name nor add quote marks to any input string):
Signature 'CRDF.Malware-Generic.3661413036' could not be found.
This script will only decode ClamAV 'UNOFFICIAL' third-Party,
non-image based, signatures as found in the *.ndb databases.
Finally, I found where this signature is located:
/var/lib/clamav/clamav-unofficial-sigs/ss-dbs# grep CRDF.Malware-Generic.3661413036 *
/var/lib/clamav/clamav-unofficial-sigs/ss-dbs# ls -la sigwhitelist.ign2*
-rw-r--r-- 1 clamav clamav 4598 Jan 14 10:33 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav 72 Jan 14 10:33 sigwhitelist.ign2.sig
Does someone know how I can bypass this signature? Which command?
Thanks in advance!