Hi all,
Is it possible to disable a specific virus name so that ClamAV won't detect it 
anymore? For example by creating some sort of special 
whitelist database file (in the same location as my .db files), or something 
along those lines?

I'm running clamd on my mail server, which is called via clamdscan, and I 
frequently have the phishing "virus" named 
Phishing.Heuristics.Email.SpoofedDomain trigger on incoming, legitimate emails 
which are actually not phishing at all - ie. false 
positives.

I know I can disable phishing checks altogether in my .conf file, but I'd like 
to keep them enabled, as the other phishing checks 
that clamav does, do work fine (and I also use SaneSecurity's phishing 
databases). I just want to be able to specifically disable 
Phishing.Heuristics.Email.SpoofedDomain so that clamav no longer uses that one.

Can this be done?

For the record, I'm running the official Windows port of clamav from 
http://w32.clamav.net, however I don't believe this is an issue 
specific to the Windows version - it's a general question regarding clamav 
databases and whitelisting etc.

Cheers,
Jeremy 



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to