> -----Original Message----- > From: [email protected] [mailto:clamav-users- > [email protected]] On Behalf Of Bill Landry > Sent: Wednesday, May 20, 2009 8:27 AM > To: [email protected]; [email protected] > Subject: Re: [Clamav-users] Deletion of local.ign > > > The local.ign file contains signatures that the user would like ClamAV > to bypass when scanning a file due to issues like false-positives. > This is a very short-lived option as the signatures as contained in > local.ign require several fields: > > file_name : line_number : signature_name > > For example, a local.ign entry might look like the following: > > winnow_spam_complete.ndb:24:winnow.spam.ts.xmailer.hc.8 > > The reason these are short-lived entries is that the actual line > placement of an individual signature within a third-party signature > database can change with each update of the database, thereby > nullifying the local.ign whitelist entry, as the original signature > line placement within the signature database may have changed. > > The local.ign entries are really meant to be a very short-term option > to bypass a signature until the signature writer can either modify the > signature or remove it from the particular signature database. > > Currently, if the clamav-unofficial-sigs script finds that a local.ign > file exists, and its last timestamp (last change/modification time) is > older than 24 hours, it deletes the file as the entries are very likely > no longer valid. > > With that said, if clamav-unofficial-sigs script users would like this > feature in the script to be timeframe configurable, or even to have the > ability to disable it (or both), let me know and I will make this > available with the next update release of the script. >
The logic makes sense, but it seems that management of that file should be left to the admin. It may take an unknown amount of time for the bad signature to be removed. A nice feature to the script might be to add checks for each entry in the file to see if any are still valid before deleting. Jason A. Bertoch Network Administrator [email protected] Electronet Broadband Communications 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
