On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote:
> Hi Alain,
> I greatly appreciate your time in confirming this. In response, I did
> some additional research and understand that it is a true positive since
> the file runs a test for that exact condition. Would white-listing it
> using a file signature hash be valid measure, or would that a bad idea?
> This is the first time I've encountered a true positive on a file I
> would normally keep and want to make sure I handle it appropriately.
Why would you do this in the first place. You are unquestionably
guaranteeing a True-Positive to get through. That could be exploited...
or not.
Just make sure you realize what you are doing, not having blinders on.
--
greg folkert - systems administration and support
web: donor.com
email: g...@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"It is quality rather than quantity that matters."
-- Lucius Annaeus Seneca
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
