On 28.03.2017 at 14:20, Matteo Dessalvi wrote:
Hello.
Regarding your first question you can execute the following
tools from the command line:
sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs
Heuristics are *not* signatures
'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the signature of a possible threat (and
signature archives are distributed separately from ClamAV).
Heuristics are *not* signatures
Regarding your second question: you can create a whitelist
file which contains all the signatures that ClamAV should ignore.
Ref:
https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature
Heuristics are *not* signatures
stop spreading wrong information - you *can not* put heuristics in .ign2
files, well you can, but it won't work
Usually this whitelist file should reside in the same directory
where ClamAV has installed the signature archives (on most
Linux installations it is by default under /var/lib/clamav).
Heuristics are *not* signatures
On 03/28/2017 01:53 PM, Jonas Manusch wrote:
Cheers folks,
since last weekend my clamscan states
Heuristics.Filetype.ZipWithJS-6162396-0 FOUND
on some files. These files are from 2015 and I assume it to be a false
positive. Since these files contain sensitive data I cannot hand them out
to third parties. I tried to find out what the above means, but only
found very little information that was not really helpful. Also tried
to find 'ZipWithJS' in ClamAV sourcecode, but without success. So I
got here with a couple of questions:
1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?
_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
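An added example, not part of the thread: a shell function that writes a detection name to local.ign2 only when sigtool finds that name in the signature database directory, which is the distinction the reply above draws. The function name, the SIGTOOL override and the local.ign2 file name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). SIGTOOL can be overridden, e.g. for testing.
SIGTOOL="${SIGTOOL:-sigtool}"

# ignore_if_in_db NAME DBDIR
#   returns 0 and records NAME in DBDIR/local.ign2 when a database entry
#   carries that name; returns 1 and writes nothing when none does.
ignore_if_in_db() {
    name=$1
    dbdir=$2
    ign="$dbdir/local.ign2"

    # --find-sigs takes a regular expression, so escape the dots in the name.
    pattern=$(printf '%s' "$name" | sed 's/[.]/\\./g')

    # Matching database lines go to stdout; empty output means no match.
    hits=$("$SIGTOOL" --datadir="$dbdir" --find-sigs="$pattern" 2>/dev/null) || true
    if [ -z "$hits" ]; then
        echo "$name: not in the databases under $dbdir, no ignore entry written" >&2
        return 1
    fi

    # Append the exact name once; repeated calls do not duplicate the entry.
    if ! grep -qxF -- "$name" "$ign" 2>/dev/null; then
        printf '%s\n' "$name" >> "$ign"
    fi
    return 0
}
```

clamd has to reload its databases before a new ignore entry takes effect; clamscan reads the directory on every run.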