Hi,

When you have "UNOFFICIAL" in the ClamAV findings, it means that a signature was created with sigtool, either for md5 or hex-dump, and added manually in the .hdb or .ndb files.

I strongly encourage you not to use any database you don't know, because the signatures may be written for a purpose different from yours. For example, imagine someone has managed to create a signature to identify all binary ELF64 magic numbers as malware. Things like this will surely get you in trouble. You should directly contact the owners of this database if you think this is a false positive.

On Thu, Oct 15, 2015 at 3:03 PM, Gene Heskett <ghesk...@wdtv.com> wrote:
> Greetings everybody;
>
> I added a new, not quite official database to my clamav checker, and this
> morning it's fussing about several files I have on my web page:
> /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/Genes-os9-stf/print4dw.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4beta-3.9.72.zip:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4_beta1.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
>
> I firmly believe that these are false positives since the 2nd one at
> least, was generated on this linux machine. The likelihood of it being
> compromised is extremely slim. There's a session of dd-wrt between this
> machine and the internet that only one person other than you folks with
> a browser, and my apache2 is running in a sandbox, has come in and I had
> to give him the username & pw to get past the guard dogs in dd-wrt.
>
> The other 3 could be done away with as everyone is using newer versions
> of dw by now.
>
> So they will be gone from tomorrow's scan report.
>
> Clamav user list, comments please?
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

--
Thanks,
Tozo
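
A triage sketch for scan reports like the one quoted in this thread, added here as an example and not code from either poster or from the ClamAV project: it groups `FOUND` lines by signature and separates hits carrying the `UNOFFICIAL` suffix, so one signature matching many unrelated files stands out before anything is deleted. The function names, the `/tmp/constructed/...` line and `Example.Official.Sig` are constructed for illustration, and treating the first dotted component of the name as the database owner is an assumption based on the `Sanesecurity.` prefix above.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines quoted in the thread (unwrapped),
# plus one made-up non-UNOFFICIAL hit whose path contains ": ".
SAMPLE_LOG = """\
/var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
/var/www/html/gene/Genes-os9-stf/print4dw.tar.gz: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
/var/www/html/gene/stuff4george/dw4beta-3.9.72.zip: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
/var/www/html/gene/stuff4george/dw4_beta1.tar.gz: Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
/tmp/constructed/mail: inbox.eml: Example.Official.Sig FOUND
/tmp/constructed/clean.txt: OK
"""

# Greedy path match: a ": " inside a file name must not end the path early.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUFFIX = ".UNOFFICIAL"


def triage(log_text):
    """Return {'unofficial': {sig: [paths]}, 'other': {sig: [paths]}}."""
    groups = {"unofficial": defaultdict(list), "other": defaultdict(list)}
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue  # OK lines, summary lines, errors
        sig, path = m.group("sig"), m.group("path")
        if sig.endswith(SUFFIX):
            groups["unofficial"][sig[: -len(SUFFIX)]].append(path)
        else:
            groups["other"][sig].append(path)
    return groups


def contacts(groups):
    """Map each unofficial signature to (assumed owner prefix, hit count)."""
    return {
        sig: (sig.split(".", 1)[0], len(paths))
        for sig, paths in groups["unofficial"].items()
    }


if __name__ == "__main__":
    for sig, (owner, count) in sorted(contacts(triage(SAMPLE_LOG)).items()):
        print(f"{sig}: {count} file(s); report false positives to {owner}")
```
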