I've dropped .js, .html, and .lnk as top-level extensions from those
signatures, as they were causing too many problems.
Zip.Suspect.MiscDoubleExtension-zippwd-8:*:(?i)((\.doc)|([
_.-](7z|avi|bmp|csv|docx|gif|gz|jpeg|jpg|mov|mp3|mp4|mpg|pdf|png|pps|ppt|pptx|psd|rar|tar|tar\.gz|tif|tiff|txt|wav|xls|
Tim Edwards wrote:
> The recent addition of Zip.Suspect.MiscDoubleExtension signatures has been
> causing a lot of trouble for us, as it keeps getting flagged for completely
> innocuous files such as foo_handle_pdf.js.
One common thread I've been seeing is that people reporting specific
cases are
The question he asked is whether regex expressions are allowed in the whitelist file.
I've never looked into it, so I don't know, but it seems like it could be a useful
feature, although extremely easy to abuse.
What he would like to do is replace multiple similar entries that are causing
FPs:
Zip.Suspec
https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf
"To whitelist a specific signature from the database you just add its name
into a local file called local.ign2 stored inside the database directory."
- Alain
On Thu, Sep 25, 2014 at 11:31 AM, Tim Edwards wrote:
> The rece