On Wed, 22 Oct 2003 at 3:52:04 -0400, lists wrote: > i' ve recently started using clamav to scan SAMBA directories, and to > scan incoming e-mail messages (in conjunction with amavis). > > i've been seeing a lot of false positives on the file scans, most of > them Word macro virii: > > WM.CAP > WordMacro.Concept > W97M/Story.A > Trojan.Stealth.D >
When have you seen the latest false positive about Trojan.Stealth.D? Because the false positive has been already reported, I replaced the signature on 2003.10.16 and the reporter confirmed that the problem went away. > my script sends the clamav report to our IT support department mailing > list, and i'm getting some negative feedback from techs about all the > false positives wasting time. > > also, i'm very concerned that clamav may be rejecting e-mail documents > that contain attachments that are not infected. > > this is pretty serious for us - is this a known issue? is there a fix > or a workaround? how about a list of known false positives, and a way > to bypass scanning for these? > An emergency, personal workaround is removing the culprit signature from the viruses.db (viruses.db2) file. Of course the next execution of automatic update of the database will overwrite the file. The correct fix is to submit such falsely infected file via normal way: < http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi >, clearly stating that you think that it's not infected file and it gives false positive about what virus. The more details, the better (e.g. which AV scanners do *not* detect a virus in the file). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
