2011/3/31 Török Edwin <email@example.com>
> On 2011-03-31 10:36, kshitij mali wrote:
> > Hi Edwin
> > A lot many thanks for you for guiding me .
> > please guide me still more further .
> > Can you tell me what actuall the below command does before i run on
> > production mail server which has high traffic of email scanning.
> > sigtool -f XF.Sic.E|sigtool --decode-sigs
> > sigtool -f XF.Sic.L|sigtool --decode-sigs
> You don't have to run on a production machine, you can run on any
> machine with ClamAV installed.
> What it does is this:
> Lookup the signature for XF.Sic.E, and then print the signature in a
> human readable form (i.e. decode the hex-signature, etc.).
> >>>If you're sure it is a FP, then submit it at clamav.net/sendvirus
> > <http://clamav.net/sendvirus>, and
> >>>mark it as a false positive.
> > Yes i am sure this is an false postive because that file which is marked
> > has virus i have copied to by windows xp desktop machine and scanned
> > with maccfee antivirus .
> That doesn't mean its clean:
> - it could be a file that was infected, later cleaned, but part of the
> malicious payload still being left behind
> - it could be a file that the other AV missed
> - if the file is not confidential, try uploading the file to
> virustotal.com to see what other AVs have to say about it