Hi,
i tried the other format already but that gives me a:
Wed Mar 30 11:10:35 2016 -> ERROR: reload db failed: Malformed database
Wed Mar 30 11:10:35 2016 -> Terminating because of a fatal error.
See, it's a very old ClamAV version which still uses local.ign and not
local.ign2.
Matze
On Wed,
Leave off the “main.cvd:1204:” and just put “Email.Phishing.Bank-1204”
But I’m surprised you are finding this to be an FP as it’s apparently been
around for quite awhile. The signature it’s looking for is:
"Use the link below to verify all_the suspicious transaction in your account
now"
excep
Hi,
we have a problem with a lot of false positives of signature
"Email.Phishing.Bank-1204"
We are running ClamAV 0.95.2 and i tried to create a local.ign DB
which contains
main.cvd:1204:Email.Phishing.Bank-1204
but that did not help.
Can anybody help how to whitelist this sig?
Updating ClamA
