Archivovaná správa #1008 diskusnej skupiny ecs-isp@2rosenthals.com predchádzajúca správa ?alšia správa spä? do zoznamu

Od: "Massimo S." <ecs-isp@2rosenthals.com> Celá hlavi?ka
Nedekódovaná správa
Hlavi?ka: Re: [eCS-ISP] clamscan issue - directories with a lot of files - ClamAV whitelist
Dátum: Tue, 5 Nov 2024 20:35:05 +0100
Komu: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Il 05/11/2024 18:10, Steven Levine ha scritto:
In <list-11206264@2rosenthals.com>, on 11/05/24
    at 01:01 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

And there is also another issue, never fixed by ClamAV developers, Poste
Italiane shipping notifications generate an heuristic false positive and
there is no way to disable heuristic in ClamAV in general.

Have you tried the whitelisting method documented in:

   https://community.nethserver.org/t/clamav-false-positive-how-can-i-allow-whitelist-the-signature/21154

Steven

hi,

thanks, but this do not work anymore
but the suggestion is good

i found:

https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format

and i've created daily.wdb in the \clamav\share\clamav (db dir)
with this content:

X:https://www.posteitaliane.it:https://business.poste.it

and now this is ignored:

Infected files: 0
Data scanned: 0.07 MB


this was the false positive before the white-list:

LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://www.posteitaliane.it
LibClamAV info:   Display URL: https://business.poste.it

x:/mypath/myemail.MSG: Heuristics.Phishing.Email.SpoofedDomain FOUND


massimo
Prihlási?: Nap??a?, Súhrn, Index.
Odhlási?
Mail na ListMastera