On Thu, October 15, 2015 4:03 pm, Gene Heskett wrote:
> Greetings everybody;
>
> I added a new, not quite official database to my clamav checker, and this
> morning it's fussing about several files I have on my web page:
> /var/www/html/gene/Genes-os9-stf/dw4_beta_1.4.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/Genes-os9-stf/print4dw.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4beta-3.9.72.zip:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
> /var/www/html/gene/stuff4george/dw4_beta1.tar.gz:
> Sanesecurity.Foxhole.Zip.UNOFFICIAL FOUND
>
> I firmly believe that these are false positives since the 2nd one at
> least, was generated on this linux machine.

Gene,

Lightbulb moment...

I take it the database you used was the version posted by Rajesh on the
mailing list, ***which was modified for Rajesh***... in which case...
that's why you are getting FPs.

In short, as I said on the list earlier, it won't suit everybody.

You should be using:

foxhole_filename.cdb
foxhole_generic.cdb

or to block most Windows items:

foxhole_all.cdb

http://sanesecurity.co.uk/foxhole-databases/

The above files are available on the Sanesecurity mirrors.

Again, if you want to discuss, let's move to the right mailing list,
hopefully that clears that up :)

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com