Hi Edwin , I uploaded the file and found to be clean and only clamav engine detection for category XF.Sic.L .
Please suggest how can i make ignore the clamav to check this file type . Regards, Kshitij [email protected] 2011/3/31 Török Edwin <[email protected]> > On 2011-03-31 10:36, kshitij mali wrote: > > Hi Edwin > > > > A lot many thanks for you for guiding me . > > > > please guide me still more further . > > > > > > Can you tell me what actuall the below command does before i run on > > production mail server which has high traffic of email scanning. > > > > sigtool -f XF.Sic.E|sigtool --decode-sigs > > sigtool -f XF.Sic.L|sigtool --decode-sigs > > You don't have to run on a production machine, you can run on any > machine with ClamAV installed. > What it does is this: > Lookup the signature for XF.Sic.E, and then print the signature in a > human readable form (i.e. decode the hex-signature, etc.). > > > > >>>If you're sure it is a FP, then submit it at clamav.net/sendvirus > > <http://clamav.net/sendvirus>, and > >>>mark it as a false positive. > > > > Yes i am sure this is an false postive because that file which is marked > > has virus i have copied to by windows xp desktop machine and scanned > > with maccfee antivirus . > > That doesn't mean its clean: > - it could be a file that was infected, later cleaned, but part of the > malicious payload still being left behind > - it could be a file that the other AV missed > - if the file is not confidential, try uploading the file to > virustotal.com to see what other AVs have to say about it > > --Edwin > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
