Hello, I found a problem with a false positive malware CRDF.Malware-Generic.3661413036.UNOFFICIAL. I wanted to decode and bypass this signature, but it looks like this can be an image signature or another type of signature.

/usr/local/sbin/clamav-unofficial-sigs.sh -d
Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL' in the signature name nor add quote marks to any input string): CRDF.Malware-Generic.3661413036
Signature 'CRDF.Malware-Generic.3661413036' could not be found.
This script will only decode ClamAV 'UNOFFICIAL' third-Party, non-image based, signatures as found in the *.ndb databases.

Finally I found where this signature is located:

/var/lib/clamav/clamav-unofficial-sigs/ss-dbs#
/var/lib/clamav/clamav-unofficial-sigs/ss-dbs# grep CRDF.Malware-Generic.3661413036 *
sigwhitelist.ign2:CRDF.Malware-Generic.3661413036
/var/lib/clamav/clamav-unofficial-sigs/ss-dbs# ls -la sigwhitelist.ign2*
-rw-r--r-- 1 clamav clamav 4598 Jan 14 10:33 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav 72 Jan 14 10:33 sigwhitelist.ign2.sig

Does someone know how I can bypass this signature? Which command?

Thanks in advance!
Pawel