[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    Re: [Clamav-users] false alert - Trojan.FakeAlert-566
From:       "Steve Basford" <steveb_clamav () sanesecurity ! com>
Date:       2008-09-12 8:04:42
Message-ID: 62605.88.97.0.153.1221206682.squirrel () saturn ! dataflame ! net
[Download RAW message or body]

> A lot of files are found with Trojan.FakeAlert-566. I scanned this files
> with virscan.org with different engines and just only clamav is reporting
> a
> trojan.

Upload your file here and Select the False Positive option:
http://cgi.clamav.net/sendvirus.cgi

I report one such FP yesterday (hashtab)

Also, if you'd like to look here:
http://www.clamav.net/doc/latest/signatures.pdf

It talkes about whitelisting sigs (section 2.5)

I tried creating a file: local.ign with this:

daily.mdb:11851:Trojan.FakeAlert-566

But doesn't seem to whitelist????

I also tried a local.fp file (created using sigtool --md5):

9cba8095538d99943fbe9f09c5fd6e90:541866:hashtab2_setup.exe

But again, didn't seem to whitelist... could someone else check a test
like this, as maybe it's the clamwin port I'm using?

Cheers,

Steve
Sanesecurity




_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[prev in list] [next in list] [prev in thread] [next in thread]