Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E vi…

Top Page
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: kshitij mali
To: Török Edwin
CC: ClamAV users ML
Subject: Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E virus
Hi Edwin ,

I uploaded the file and found to be clean and only clamav engine detection
for category XF.Sic.L .

Please suggest how can i make ignore the clamav to check this file type .


2011/3/31 Török Edwin <>

> On 2011-03-31 10:36, kshitij mali wrote:
> > Hi Edwin
> >
> > A lot many thanks for you for guiding me .
> >
> > please guide me still more further .
> >
> >
> > Can you tell me what actuall the below command does before i run on
> > production mail server which has high traffic of email scanning.
> >
> > sigtool -f XF.Sic.E|sigtool --decode-sigs
> > sigtool -f XF.Sic.L|sigtool --decode-sigs
> You don't have to run on a production machine, you can run on any
> machine with ClamAV installed.
> What it does is this:
> Lookup the signature for XF.Sic.E, and then print the signature in a
> human readable form (i.e. decode the hex-signature, etc.).
> >
> >>>If you're sure it is a FP, then submit it at
> > <>, and
> >>>mark it as a false positive.
> >
> > Yes i am sure this is an false postive because that file which is marked
> > has virus i have copied to by windows xp desktop machine and scanned
> > with maccfee antivirus .
> That doesn't mean its clean:
> - it could be a file that was infected, later cleaned, but part of the
> malicious payload still being left behind
> - it could be a file that the other AV missed
> - if the file is not confidential, try uploading the file to
> to see what other AVs have to say about it
> --Edwin

Help us build a comprehensive ClamAV guide: visit