[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [Clamav-users] false alert - Trojan.FakeAlert-566
From: "Steve Basford" <steveb_clamav () sanesecurity ! com>
Date: 2008-09-12 8:04:42
Message-ID: 62605.88.97.0.153.1221206682.squirrel () saturn ! dataflame ! net
[Download RAW message or body]
> A lot of files are found with Trojan.FakeAlert-566. I scanned this files
> with virscan.org with different engines and just only clamav is reporting
> a
> trojan.
Upload your file here and Select the False Positive option:
http://cgi.clamav.net/sendvirus.cgi
I report one such FP yesterday (hashtab)
Also, if you'd like to look here:
http://www.clamav.net/doc/latest/signatures.pdf
It talkes about whitelisting sigs (section 2.5)
I tried creating a file: local.ign with this:
daily.mdb:11851:Trojan.FakeAlert-566
But doesn't seem to whitelist????
I also tried a local.fp file (created using sigtool --md5):
9cba8095538d99943fbe9f09c5fd6e90:541866:hashtab2_setup.exe
But again, didn't seem to whitelist... could someone else check a test
like this, as maybe it's the clamwin port I'm using?
Cheers,
Steve
Sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic