List ecs-isp@2rosenthals.com Archived Message #1008

From: "Massimo S." <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] clamscan issue - directories with a lot of files - ClamAV whitelist
Date: Tue, 5 Nov 2024 20:35:05 +0100
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

On 05/11/2024 18:10, Steven Levine wrote:
In <list-11206264@2rosenthals.com>, on 11/05/24
    at 01:01 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

And there is also another issue, never fixed by ClamAV developers: Poste
Italiane shipping notifications generate a heuristic false positive and
there is no way to disable heuristics in ClamAV in general.

Have you tried the whitelisting method documented in:

   https://community.nethserver.org/t/clamav-false-positive-how-can-i-allow-whitelist-the-signature/21154

Steven

hi,

thanks, but this does not work anymore
but the suggestion is good

I found:

https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format

and I've created daily.wdb in the \clamav\share\clamav (db dir)
with this content:

X:https://www.posteitaliane.it:https://business.poste.it

and now this is ignored:

Infected files: 0
Data scanned: 0.07 MB


this was the false positive before the white-list:

LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://www.posteitaliane.it
LibClamAV info:   Display URL: https://business.poste.it

x:/mypath/myemail.MSG: Heuristics.Phishing.Email.SpoofedDomain FOUND


massimo
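
The linked WDB documentation describes X: entries as regular expressions matched, anchored, against RealURL, a colon and DisplayedURL joined into one string, so the unescaped dots in the entry above act as wildcards. The sketch below is an added example, not part of the original message or of ClamAV: it models that rule in Python for the entry and URLs from this thread and builds an escaped entry for the same pair. Assumptions: the function names are hypothetical, the optional functionality-level field is not handled, Python's re stands in for ClamAV's regex engine, and ClamAV's own URL normalization is not reproduced, so confirm any entry with clamscan.

```python
import re

# Entry and URLs as they appear in the message above.
PAGE_ENTRY = "X:https://www.posteitaliane.it:https://business.poste.it"
REAL, DISPLAY = "https://www.posteitaliane.it", "https://business.poste.it"


def parse_x_entry(line):
    """Return the regex part of an 'X:' line (no FuncLevelSpec field assumed)."""
    kind, sep, regex = line.strip().partition(":")
    if kind != "X" or not sep or not regex:
        raise ValueError("not an X: entry")
    return regex


def wildcard_dots(regex):
    """Offsets of '.' that act as 'any character' rather than a literal dot."""
    hits, i, in_class = [], 0, False
    while i < len(regex):
        c = regex[i]
        if c == "\\":            # escaped character: skip it and the next one
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class and regex[i + 1:i + 2] not in ("*", "+", "?", "{"):
            hits.append(i)
        i += 1
    return hits


def model_match(regex, real_url, display_url):
    """Approximate the documented rule: anchored match on 'real:display' + '/'."""
    return re.fullmatch(regex + "/", f"{real_url}:{display_url}/") is not None


def literal_entry(real_url, display_url):
    """Build an X: line that matches exactly this URL pair, with dots escaped."""
    return f"X:{re.escape(real_url)}:{re.escape(display_url)}"


if __name__ == "__main__":
    loose = parse_x_entry(PAGE_ENTRY)
    tight = parse_x_entry(literal_entry(REAL, DISPLAY))
    odd_real = "https://www.posteitalianeXit"   # constructed string, not a real host
    for name, rx in (("page entry", loose), ("escaped entry", tight)):
        print(name, "| wildcard dots:", len(wildcard_dots(rx)),
              "| matches logged pair:", model_match(rx, REAL, DISPLAY),
              "| matches constructed pair:", model_match(rx, odd_real, DISPLAY))
```
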



