Antivirus signature whitelist


Post by avokain » Thu Jun 21, 2018 11:49 am

Hello, I have a false positive for the signature BC.Rtf.Exploit.CVE_2018_0922-6471051-1 and I need to whitelist it.

I found a solution, but it doesn't work on the latest Zimbra 8.8.8.

Code:

su zimbra
echo "Win.Exploit.CVE_2016_3316-1" >> /opt/zimbra/data/clamav/db/local.ign2
zmclamdctl restart


The logs don't report loading the .ign2 file as a custom db. Maybe the path is wrong?



Re: Antivirus signature whitelist

Post by avokain » Fri Jun 22, 2018 9:24 am

The solution is to append .{} to the end of the signature name in the local.ign2 file.
Like this:
BC.Rtf.Exploit.CVE_2018_0922-6471051-1.{}
