On Wed, Apr 21, 2010 at 01:25:59PM +0100, Steve Basford wrote:
> > I guess this is a false positive?
> 
> decodes to:
> 
> width=1 height=1 f*r*a*m*e*b*o*r*d*e*r=0></i*f*r*a*m*e>
> (remove *'s)
> 
> I guess this might hit on
> 
> If you are using 0.96 and want to whitelist it:

Debian Volatile: 0.95
 
> 1. create a whitelist.ign2 file (for example)
> 2. insert the text: HTML.IFrame-39
> 3. restart clamd

Tried it somewhere else. Works. Really nice.

> 4. Submit a sample and click the False Positive box:

We use HAVP+clamav as a parent proxy webscanner. This signature hits a
lot of big sites.

So long,
    Aiko
-- 
:wq ✉
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
