Antivirus signature whitelist

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
avokain
Posts: 6
Joined: Wed Mar 15, 2017 2:23 pm

Antivirus signature whitelist

Post by avokain »

Hello , i have false positive of this sig BC.Rtf.Exploit.CVE_2018_0922-6471051-1 and i need to whitelist it

I found solution , but it doesnt work at latest zimbra 8.8.8

Code: Select all

su zimbra
echo "Win.Exploit.CVE_2016_3316-1" >> /opt/zimbra/data/clamav/db/local.ign2
zmclamdctl restart
Logs doesnt report about load .ign2 file as custom db. May be wrong path???
avokain
Posts: 6
Joined: Wed Mar 15, 2017 2:23 pm

Re: Antivirus signature whitelist

Post by avokain »

The solution is append .{} to the end of signature name in local.ign2 file
Like this:
BC.Rtf.Exploit.CVE_2018_0922-6471051-1.{}
Post Reply