I received a message earlier that was in fact a FP. I have the following settings in my /etc/clamd.conf. With the first commented out, the 2nd set to no and the third set to no should this even gotten a hit? This is ClamAV 0.98.4/19125/Mon Jun 23 16:50:52 2014
# This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 #StructuredMinSSNCount 5 # With this option enabled the DLP module will search for valid # SSNs formatted as xxx-yy-zzzz # Default: yes StructuredSSNFormatNormal no # With this option enabled the DLP module will search for valid # SSNs formatted as xxxyyzzzz # Default: no StructuredSSNFormatStripped no Here is the content preview from SA: Content preview: ( http://if.inboxfirst.com/ga/click/2-20619679-120-15601-31227-422010-3ea50cbb5c-b272103213 ) ( http://if.inboxfirst.com/ga/click/2-20619679-120-15601-31227-422011-3a6d9c5a87-b272103213 ) ( http://if.inboxfirst.com/ga/click/2-20619679-120-15601-31227-422012-0a7ac1c41a-b272103213 ) [...] I imagine that clamav took the numbers in the URL as SSNs? -- Chris KeyID 0xE372A7DA98E6705C 31.11°N 97.89°W (Elev. 1092 ft) 19:11:55 up 1:40, 1 user, load average: 0.43, 0.50, 0.52 Mandriva Linux 2010.2, kernel 2.6.33.7-desktop586-2mnb _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
