On 5/29/15 4:20 AM, Paul Martin wrote:
Hello,

I have many false positives when clamav detects "malware
Html.Exploit.CVE_2015_0045".
What can I do to stop these false positives?

Thanks, Paul
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
You can create a whitelist file for signatures. In your case the file would contain only

Html.Exploit.CVE_2015_0045

The file name can be anything you wish so long as the extension is .ign2.

Create a text file with the name whitelist.ign2
Add the signature(s) you wish clamav to ignore, each on a separate line
Copy the file to your ClamAV signature directory and change the permissions/ownership to allow ClamAV to read the file.

It is bad practice to edit a live file that is already in the signature directory. Make your changes to any signature files in a safe directory.

Submit the FP to the ClamAV signature team unless you have reason to believe the FP is local to certain files that are unique to your system.

dp
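
The procedure from the reply above (build the .ign2 file in a safe directory, then copy it into the signature directory with readable permissions), as an added shell example that is not part of the original thread. The signature directory is passed as an argument because the thread does not name it; the function names, the character check on signature names and the 0644 mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: stage an .ign2 ignore list, then install it in one step.

# build_ign2 STAGED_FILE SIGNATURE...
# One name per line, duplicates dropped. The allowed character set is a
# conservative assumption of this example, not a ClamAV rule.
build_ign2() {
    out=$1; shift
    : > "$out" || return 1
    for sig in "$@"; do
        case $sig in
            ''|*[!A-Za-z0-9._-]*)
                echo "rejected signature name: '$sig'" >&2
                return 1 ;;
        esac
        # -x whole line, -F fixed string: skip names already listed
        grep -qxF -- "$sig" "$out" || printf '%s\n' "$sig" >> "$out"
    done
}

# install_ign2 STAGED_FILE SIGNATURE_DIR
# Copies under a temporary name first, so the signature directory never
# holds a half-written .ign2 file, then renames into place.
install_ign2() {
    staged=$1; dbdir=$2
    case $staged in
        *.ign2) ;;
        *) echo "extension must be .ign2" >&2; return 1 ;;
    esac
    [ -s "$staged" ] || { echo "staged file is empty" >&2; return 1; }
    [ -d "$dbdir" ] || { echo "no such directory: $dbdir" >&2; return 1; }
    dest=$dbdir/$(basename "$staged")
    tmp=$dbdir/.$(basename "$staged").$$
    # 0644 (assumed mode) lets the ClamAV user read the file; chown instead
    # if your policy requires it.
    cp "$staged" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Demo: throwaway directories stand in for the safe directory and the
# signature directory (constructed; the real path depends on the install).
demo_stage=$(mktemp -d) && demo_db=$(mktemp -d) &&
    build_ign2 "$demo_stage/whitelist.ign2" Html.Exploit.CVE_2015_0045 &&
    install_ign2 "$demo_stage/whitelist.ign2" "$demo_db" &&
    cat "$demo_db/whitelist.ign2"
```

A running clamd only applies the new ignore list once it next reloads its signature database.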