Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E vi…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: kshitij mali
Date:  
To: Török Edwin
CC: ClamAV users ML
Subject: Re: [clamav-users] clamav block the XF.Sic.L and XF.Sic.E virus
Hi Edwin ,

I uploaded the file and found to be clean and only clamav engine detection
for category XF.Sic.L .

Please suggest how can i make ignore the clamav to check this file type .

Regards,
Kshitij


2011/3/31 Török Edwin <>

> On 2011-03-31 10:36, kshitij mali wrote:
> > Hi Edwin
> >
> > A lot many thanks for you for guiding me .
> >
> > please guide me still more further .
> >
> >
> > Can you tell me what actuall the below command does before i run on
> > production mail server which has high traffic of email scanning.
> >
> > sigtool -f XF.Sic.E|sigtool --decode-sigs
> > sigtool -f XF.Sic.L|sigtool --decode-sigs
>
> You don't have to run on a production machine, you can run on any
> machine with ClamAV installed.
> What it does is this:
> Lookup the signature for XF.Sic.E, and then print the signature in a
> human readable form (i.e. decode the hex-signature, etc.).
>
> >
> >>>If you're sure it is a FP, then submit it at clamav.net/sendvirus
> > <http://clamav.net/sendvirus>, and
> >>>mark it as a false positive.
> >
> > Yes i am sure this is an false postive because that file which is marked
> > has virus i have copied to by windows xp desktop machine and scanned
> > with maccfee antivirus .
>
> That doesn't mean its clean:
> - it could be a file that was infected, later cleaned, but part of the
> malicious payload still being left behind
> - it could be a file that the other AV missed
> - if the file is not confidential, try uploading the file to
> virustotal.com to see what other AVs have to say about it
>
> --Edwin
>

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml