"Noel Jones" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Jeremy Fairbrass wrote:
>> Hi all,
>> Is it possible to disable a specific virus name so that ClamAV won't detect
>> it anymore? For example by creating some sort of special whitelist database
>> file (in the same location as my .db files), or something along those lines?
>>
>> I'm running clamd on my mail server, which is called via clamdscan, and I
>> frequently have the phishing "virus" named
>> Phishing.Heuristics.Email.SpoofedDomain trigger on incoming, legitimate
>> emails which are actually not phishing at all - i.e. false positives.
>>
>> I know I can disable phishing checks altogether in my .conf file, but I'd
>> like to keep them enabled, as the other phishing checks that clamav does,
>> do work fine (and I also use SaneSecurity's phishing databases). I just
>> want to be able to specifically disable
>> Phishing.Heuristics.Email.SpoofedDomain so that clamav no longer uses that
>> one.
>>
>> Can this be done?
>>
>
> You can disable the heuristics-based phish checks without
> disabling the signature-based checks. Both the official
> clamav and SaneSecurity sigs will still work, but the false
> positive prone heuristics will be disabled.
>
> With clamscan, use the --no-phishing-scan-urls option.
> For clamd/clamdscan set in your clamd.conf:
>   DetectPhishing yes
>   PhishingScanURLs no
> and restart clamd.
>
>
> --
> Noel Jones
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>

Thanks guys, that's just what I needed to know! :)

Cheers,
Jeremy