clamav-users January 2014 archive

Re: [clamav-users] False positive - CRDF.Malware-Generic.3661413036.UNOFFICIAL

From: Steve Basford <steveb_clamav_at_nospam>
Date: Tue Jan 14 2014 - 13:32:01 GMT
To: "ClamAV users ML" <clamav-users@lists.clamav.net>

> Finally I found where this signature is located
> sigwhitelist.ign2:CRDF.Malware-Generic.3661413036
> Does someone know how can I bypass this signature? Which command?

Hi Pawel,

Just to add that seeing the signature in sigwhitelist.ign2 means that the
signature is in your whitelist already.

However, you must be using an older version of the download script, as
ONLY the newest version of the script will use sigwhitelist.ign2 to
whitelist sigs:

E.g.:

Version 3.7.2 (updated 2013-08-25)
   - Added Sanesecurity signature whitelist "sigwhitelist.ign2" file
     to the list of default databases in the config file.

Download available here:
http://sourceforge.net/projects/unofficial-sigs/

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
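
An added example, not part of the original post or of the unofficial-sigs script: a shell check that a detection name reported by ClamAV is listed in a `.ign2` file in a given database directory. It assumes `.ign2` entries are one signature name per line, optionally followed by `:<md5>`, written without the `.UNOFFICIAL` suffix that ClamAV appends to third-party signature names; the function names and the sample directory are hypothetical.

```shell
#!/bin/sh
# Added example: is a ClamAV detection name already listed in a .ign2 file?

# Strip the ".UNOFFICIAL" suffix that ClamAV appends to third-party
# signature names; .ign2 entries are assumed to be written without it.
sig_base_name() {
    printf '%s\n' "${1%.UNOFFICIAL}"
}

# ign2_lookup DETECTION_NAME DB_DIR
# Prints every .ign2 file in DB_DIR that lists the signature.
# Returns 0 if at least one file lists it, 1 otherwise.
ign2_lookup() {
    sig=$(sig_base_name "$1")
    db_dir=$2
    found=1
    for f in "$db_dir"/*.ign2; do
        [ -f "$f" ] || continue
        # Compare the whole name field (text before an optional ":<md5>"),
        # so a longer name that merely contains $sig does not count.
        if awk -F: -v s="$sig" \
            '{ sub(/\r$/, "", $1) } $1 == s { hit = 1 } END { exit !hit }' "$f"
        then
            printf '%s\n' "$f"
            found=0
        fi
    done
    return $found
}

# Demo on a constructed database directory (sample data, not a real install).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'CRDF.Malware-Generic.3661413036' > "$d/sigwhitelist.ign2"
    ign2_lookup 'CRDF.Malware-Generic.3661413036.UNOFFICIAL' "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = demo ]; then demo; fi
```

A match only shows that the name is listed; the file still has to be among the databases the download script installs, which is the version point made in the message above.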