Not sure where on the internet you found these instructions, but I believe they are old. The new way is to use the ".ign2" extension containing <SignatureName> for signatures to be completely ignored and an ".fp" file with <MD5>:<FileSize>:<Comment> for individual files to be ignored so that the signature will still pick up any actual infected files.
Perhaps this site will help <http://pig.made-it.com/clamav.html> -Al- On Wed, Apr 05, 2017 at 01:49 AM, Gaurav Kumar Garg wrote: > > Hi ClamAV user, developer, > > I am new to clamAV. I like its design. > > While scanning i saw few false positive virus. I search on internet and found > out that i can avoid these false positive by writing md5 sum to local.ign > file and putting this file in /var/lib/clamav/* directory. then restarting > clamd daemon. > > > Its partially working, means it working when i scan false positive file with > clamscan -d and its not working with clamdscan. > > > Steps for creating local.ign file: > > > $ sigtool --md5 my_file_name.exe >> local.ign > > > after that i put this file in /var/lib/clamav/* directory and restarted clamd > daemon. > > > when i execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe then > its not reporting false positive, its working perfectly. > > > But when i scan this file using clamdscan then its still reporting false > positive. > > > Could anyone help me regarding this false positive avoidance. > > > I can not submit my false positive file because of some business ethics and > compliance. > > > Thank you in advance, > > > Regards, > > Gaurav
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
