Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E vi…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: kshitij mali
Date:  
To: ClamAV users ML
Subject: Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E virus
Hi Edwin

A lot many thanks for you for guiding me .

please guide me still more further .


Can you tell me what actuall the below command does before i run on
production mail server which has high traffic of email scanning.

sigtool -f XF.Sic.E|sigtool --decode-sigs
sigtool -f XF.Sic.L|sigtool --decode-sigs

>>If you're sure it is a FP, then submit it at clamav.net/sendvirus, and
>>mark it as a false positive.


Yes i am sure this is an false postive because that file which is marked has
virus i have copied to by windows xp desktop machine and scanned with
maccfee antivirus .


Regards,

kshitij


2011/3/31 Török Edwin <>

> On 2011-03-31 10:22, kshitij mali wrote:
> > Hi All ,
> >
> >
> > I am using postfix with amavisd-new for mail gateway
> >
> > where amavid-new it using clamd for scanning email and has the flase
> postive
> > it alway block the email attachment which containing virus XF.Sic.L and
> > XF.Sic.E virus , where actually it is not an virus .
>
> Are you sure? The signature contains "Infect Workbook" among others.
>
> See:
> sigtool -f XF.Sic.E|sigtool --decode-sigs
> sigtool -f XF.Sic.L|sigtool --decode-sigs
> >
> > Please tell me how to overcome this false postive.
>
> If you're sure it is a FP, then submit it at clamav.net/sendvirus, and
> mark it as a false positive.
>
> Best regards,
> --Edwin
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml