On 2011-03-31 10:36, kshitij mali wrote: > Hi Edwin > > A lot many thanks for you for guiding me . > > please guide me still more further . > > > Can you tell me what actuall the below command does before i run on > production mail server which has high traffic of email scanning. > > sigtool -f XF.Sic.E|sigtool --decode-sigs > sigtool -f XF.Sic.L|sigtool --decode-sigs
You don't have to run on a production machine, you can run on any machine with ClamAV installed. What it does is this: Lookup the signature for XF.Sic.E, and then print the signature in a human readable form (i.e. decode the hex-signature, etc.). > >>>If you're sure it is a FP, then submit it at clamav.net/sendvirus > <http://clamav.net/sendvirus>, and >>>mark it as a false positive. > > Yes i am sure this is an false postive because that file which is marked > has virus i have copied to by windows xp desktop machine and scanned > with maccfee antivirus . That doesn't mean its clean: - it could be a file that was infected, later cleaned, but part of the malicious payload still being left behind - it could be a file that the other AV missed - if the file is not confidential, try uploading the file to virustotal.com to see what other AVs have to say about it --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
