Jeremy Fairbrass wrote: > Hi all, > Is it possible to disable a specific virus name so that ClamAV won't detect > it anymore? For example by creating some sort of special > whitelist database file (in the same location as my .db files), or something > along those lines? > > I'm running clamd on my mail server, which is called via clamdscan, and I > frequently have the phishing "virus" named > Phishing.Heuristics.Email.SpoofedDomain trigger on incoming, legitimate > emails which are actually not phishing at all - ie. false > positives. >
Please submit those false positives here: http://cgi.clamav.net/sendvirus.cgi > I know I can disable phishing checks altogether in my .conf file, but I'd > like to keep them enabled, as the other phishing checks > that clamav does, do work fine (and I also use SaneSecurity's phishing > databases). I just want to be able to specifically disable > Phishing.Heuristics.Email.SpoofedDomain so that clamav no longer uses that > one. > > Can this be done? > Put this in your clamd.conf: PhishingScanURLs No It disables all Phishing.Heuristics.*, it keeps signature-based detection. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
