Jeremy Fairbrass wrote: > Hi all, > Is it possible to disable a specific virus name so that ClamAV won't detect > it anymore? For example by creating some sort of special > whitelist database file (in the same location as my .db files), or something > along those lines? > > I'm running clamd on my mail server, which is called via clamdscan, and I > frequently have the phishing "virus" named > Phishing.Heuristics.Email.SpoofedDomain trigger on incoming, legitimate > emails which are actually not phishing at all - ie. false > positives. > > I know I can disable phishing checks altogether in my .conf file, but I'd > like to keep them enabled, as the other phishing checks > that clamav does, do work fine (and I also use SaneSecurity's phishing > databases). I just want to be able to specifically disable > Phishing.Heuristics.Email.SpoofedDomain so that clamav no longer uses that > one. > > Can this be done? >
You can disable the heuristics-based phish checks without disabling the signature-based checks. Both the official clamav and SaneSecurity sigs will still work, but the false positive prone heuristics will be disabled. With clamscan, use the --no-phishing-scan-urls option. For clamd/clamdscan set in your clamd.conf: DetectPhishing yes PhishingScanURLs no and restart clamd. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
