Poštni seznam arhiviranih sporo?il Prejšnje sporo?ilo naslednje sporo?ilo Nazaj na seznam

Od: "Massimo S." <ecs-isp@2rosenthals.com> Glava
Izvorno E-sporo?ilo
Zadeva: Re: [eCS-ISP] clamscan issue - directories with a lot of files - ClamAV whitelist
Datum: Tue, 5 Nov 2024 20:35:05 +0100
Za: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Il 05/11/2024 18:10, Steven Levine ha scritto:
In <list-11206264@2rosenthals.com>, on 11/05/24
    at 01:01 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

And there is also another issue, never fixed by ClamAV developers, Poste
Italiane shipping notifications generate an heuristic false positive and
there is no way to disable heuristic in ClamAV in general.

Have you tried the whitelisting method documented in:

   https://community.nethserver.org/t/clamav-false-positive-how-can-i-allow-whitelist-the-signature/21154

Steven

hi,

thanks, but this do not work anymore
but the suggestion is good

i found:

https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format

and i've created daily.wdb in the \clamav\share\clamav (db dir)
with this content:

X:https://www.posteitaliane.it:https://business.poste.it

and now this is ignored:

Infected files: 0
Data scanned: 0.07 MB


this was the false positive before the white-list:

LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://www.posteitaliane.it
LibClamAV info:   Display URL: https://business.poste.it

x:/mypath/myemail.MSG: Heuristics.Phishing.Email.SpoofedDomain FOUND


massimo
Naro?iti: Poro?ilo (Feed), Izvle?ek (Digest), Indeks.
Odjava
E-pošta za mojstra za sezname