On 16/01/12 13:55, Török Edwin wrote:
> On 01/16/2012 03:53 PM, Anne Wilson wrote:
>> I run clamav on my mail server, and my daughter runs clamwin on
>> Windows 7, on my recommendation. This morning's scan showed midi
>> files that have been on my server for 2 years or more as being
>> infected, e.g.:
>>
>> /Data1/Midi/AudigyCD/SYMPHONY.MID: BC.Exploit.CVE_2012_0003 FOUND
>>
>> Soon after reading this, I got a phone call from my daughter saying
>> that clamwin had quarantined all midi files supplied in the
>> Creative Soundblaster X-Fi installation. The screenshot she sent
>> me shows nothing but the midi files.
>
> Please submit some of those false positives here (make sure you
> choose the 'A false positive' radiobox):
> http://cgi.clamav.net/sendvirus.cgi
>

Thanks. I've done that. I was careful to mark it as "a false positive" but got the message "This virus is already recognized by ClamAV 0.97.3/14314/Mon Jan 16 " - I assume that I can ignore that? I'll submit one from her Windows box as soon as she emails it to me.

>>
>> I have told her not to worry for now, but is there a way to mark
>> these as not infected and remove them from quarantine?
>>
>
> Create a file called local.ign2 in your database directory and add
> this line to it: BC.Exploit.CVE_2012_0003
>

Done that too. Thanks for the prompt reply. I'm not very familiar with Windows' organisation of this sort of thing, so can you suggest where I should tell her to put the ignore file? Should she just search for daily.cld to find the directory, or is it labelled some other way in Windows?

Thanks for the help.

Anne
-- 
Need KDE help? Try http://userbase.kde.org or Http://forum.kde.org
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
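
The local.ign2 step from the reply above, as an added shell example that is not part of the original thread: it appends the signature name only when the directory actually holds the daily database (daily.cld or daily.cvd) and the name is not already listed. The helper name `add_ignore`, its return codes and the character set it accepts for signature names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. add_ignore is a hypothetical helper.
#
# add_ignore DBDIR SIGNAME
#   Appends SIGNAME to DBDIR/local.ign2 unless it is already listed.
#   Returns 0 if the name is (now) listed, 2 if DBDIR does not look like
#   a ClamAV database directory, 3 if SIGNAME is malformed.
add_ignore() {
    dbdir=$1
    sig=$2
    ign="$dbdir/local.ign2"

    # The database directory is the one that holds the daily signature
    # file: daily.cld or daily.cvd.
    if [ ! -f "$dbdir/daily.cld" ] && [ ! -f "$dbdir/daily.cvd" ]; then
        echo "no daily.cld or daily.cvd in $dbdir" >&2
        return 2
    fi

    # One name per line. Assumption of this example: names use only
    # letters, digits, dot, underscore and hyphen.
    case $sig in
        ''|*[!A-Za-z0-9._-]*)
            echo "bad signature name: $sig" >&2
            return 3 ;;
    esac

    # -x matches the whole line, -F treats the name as a fixed string so
    # the dots in it are not regex wildcards.
    if [ -f "$ign" ] && grep -qxF -- "$sig" "$ign"; then
        return 0
    fi

    # If the existing file does not end in a newline, add one first so the
    # new name does not get glued onto the previous entry.
    if [ -s "$ign" ] && [ -n "$(tail -c 1 "$ign")" ]; then
        echo >> "$ign"
    fi
    printf '%s\n' "$sig" >> "$ign"
}

# Usage (the directory path is site-specific):
#   add_ignore /path/to/clamav/db BC.Exploit.CVE_2012_0003
```
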
