I'm seeing several false positives for Exploit.W32.MS05-002 since I upgraded to 0.82 yesterday. I've posted samples to the submission website but would like to do something about this. Using "sigtool -l" doesn't list Exploit.W32.MS05-002 as a signature in the database, is there any way I can disable this check? I tried reverting to 0.81 but that didn't help.
Finally worked out how to (correctly) revert to 0.81, had to remove the libraries in /usr/local/lib before doing the "make install" for 0.81. I'm no longer getting the false positives, just the WARNING message from freshclam - which I'm happy to ignore until the other issue is dealt with.
Am I right that the MS05-002 check is built into the clamscan executable (libclamav) an is not a true signature?
FAS
FAS _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
