ClamAV exclude on some signature does not work

Super User Asked by Kalib Zen on December 9, 2020

I use ClamAV with 3rd-party signatures. So, in order to exclude some virus signatures from scanning, I followed the official documentation and added a new .ign2 file like below:

cd /usr/local/share/clamav/
touch whitelist.ign2
chmod 644 whitelist.ign2

When doing the scan I got a false positive signature like this:

/mysql/mysql_backups-02-08-2020_04-30-01/databasedbs.sql.gz: YARA.eval_post.UNOFFICIAL FOUND

So, I included the signature like this in whitelist.ign2. Here it is with some of the other excluded signatures:

$ cat /usr/local/share/clamav/whitelist.ign2
{HEX}Malware.Expert.generic.eval.post.2
{HEX}php.malware.magento.594
{HEX}Malware.Expert.malware.url.hastebin.com.0
{multi}Malware.Expert.wget.curl.lwp-download.exec.system.signature
YARA.php_malware_hexinject
YARA.shankar_php_php
YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php
{HEX}Malware.Expert.generic.eval.gzinflate.base64.9
{HEX}Malware.Expert.generic.malware.127
YARA.r57shell_php_php
YARA.eval_post

From my tests, some signatures are excluded, like

{HEX}php.malware.magento.594, {HEX}Malware.Expert.generic.eval.post.2

but some signatures are not excluded and are still found by clamav even though I have included them in the exclusion list, for example:

YARA.eval_post, YARA.r57shell_php_php

Has anyone experienced this problem? What do you do to solve this?
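
A first check for the situation described in the question, as an added example that is not part of the original post: compare the names clamscan reports against the .ign2 entries and flag entries with hidden trailing characters. It assumes .ign2 entries are written without the .UNOFFICIAL suffix, as in the file shown; the function names, the extra sample paths and the unlisted signature name are constructed. It only rules out name mismatches and does not explain why a correctly listed name is still reported.

```shell
#!/bin/sh
# Added diagnostic example; function names and sample data are constructed.

# Names from clamscan "<path>: <name> FOUND" lines, minus the ".UNOFFICIAL"
# suffix, so they can be compared with .ign2 entries (assumed suffix-free).
detected_names() {
    sed -n 's/^.*: \(.*\) FOUND$/\1/p' "$1" | sed 's/\.UNOFFICIAL$//' | sort -u
}

# .ign2 entries with CRs, trailing blanks and empty lines removed.
ignore_names() {
    tr -d '\r' < "$1" | sed 's/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# Names listed in the ignore file ($2) that the scan log ($1) still reports.
still_detected() {
    _list=$(mktemp)
    ignore_names "$2" > "$_list"
    detected_names "$1" | grep -Fx -f "$_list" || true
    rm -f "$_list"
}

# Ignore-file lines (with line numbers) that end in a CR or other whitespace,
# which would make the stored name differ from the one typed.
malformed_entries() {
    grep -n '[[:space:]]$' "$1" || true
}

# Constructed sample data; the first log line and the ignore names reuse
# values quoted in the question, the rest is made up for the demonstration.
sample_dir=$(mktemp -d)
cat > "$sample_dir/scan.log" <<'EOF'
/mysql/mysql_backups-02-08-2020_04-30-01/databasedbs.sql.gz: YARA.eval_post.UNOFFICIAL FOUND
/srv/www/example/a.php: YARA.r57shell_php_php.UNOFFICIAL FOUND
/srv/www/example/b.php: {HEX}Example.unlisted.signature.1.UNOFFICIAL FOUND
/srv/www/example/c.php: OK
EOF
printf '%s\n' '{HEX}php.malware.magento.594' 'YARA.r57shell_php_php' \
    > "$sample_dir/whitelist.ign2"
printf 'YARA.eval_post\r\n' >> "$sample_dir/whitelist.ign2"

echo "Listed but still detected:"
still_detected "$sample_dir/scan.log" "$sample_dir/whitelist.ign2"
echo "Entries with trailing whitespace or CR:"
malformed_entries "$sample_dir/whitelist.ign2" | cut -d: -f1
```
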
