
Antivirus signature whitelist

Posted: Thu Jun 21, 2018 11:49 am
by avokain
Hello, I have a false positive on this sig BC.Rtf.Exploit.CVE_2018_0922-6471051-1 and I need to whitelist it.

I found a solution, but it doesn't work on the latest Zimbra 8.8.8:

su zimbra
echo "Win.Exploit.CVE_2016_3316-1" >> /opt/zimbra/data/clamav/db/local.ign2
zmclamdctl restart


The logs don't report loading the .ign2 file as a custom db. Maybe the wrong path???

Re: Antivirus signature whitelist

Posted: Fri Jun 22, 2018 9:24 am
by avokain
The solution is to append .{} to the end of the signature name in the local.ign2 file.
Like this:
BC.Rtf.Exploit.CVE_2018_0922-6471051-1.{}
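
Added example, not part of the original posts: a small shell helper for maintaining the ignore list described in this thread. The function name `ign2_add` is hypothetical; the file path, signature name and restart command in the comments are the ones quoted in the posts. It matches the name as a fixed string, since `.{}` would otherwise be read as a regular expression, and it repairs a missing final newline so the new entry never fuses with the previous one.

```shell
# Idempotently add one signature name to a ClamAV .ign2 ignore file.
# Usage: ign2_add FILE SIGNATURE_NAME
ign2_add() {
    file=$1
    sig=$2

    # One name per line: reject empty names and names containing whitespace.
    case $sig in
        ''|*[[:space:]]*)
            echo "ign2_add: invalid signature name" >&2
            return 2
            ;;
    esac

    # -F: fixed string, so "." and "{}" are literal; -x: whole-line match,
    # so a longer name that merely contains this one does not count.
    if [ -f "$file" ] && grep -Fxq -- "$sig" "$file"; then
        return 0    # already listed, nothing to do
    fi

    # If the file ends without a newline, add one before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi

    printf '%s\n' "$sig" >> "$file"
}

# As used in the thread (run as the zimbra user, then restart clamd):
#   ign2_add /opt/zimbra/data/clamav/db/local.ign2 \
#       'BC.Rtf.Exploit.CVE_2018_0922-6471051-1.{}'
#   zmclamdctl restart
```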