Hi!
I'm trying to disable this signature, since it's giving my FPs for
some XLS files (yes, I already submitted it as FP today):
mail2:/var/lib/clamav# sigtool --find-sigs=BC.Exploit.CVE_2011_3412
[0001114551.cbc BYTECODE]
BC.Exploit.CVE_2011_3412.{CVE_2011_3412};Engine:56-255,Target:0;(0&1);0:d0cf11e0a1b11ae1;*:1c000404
mail2:/var/lib/clamav# cat local.ign2
BC.Exploit.CVE_2011_3412.{CVE_2011_3412}
BC.Exploit.CVE_2011_3412
CVE_2011_3412
(I tried 3 different ways of disabling the signature)
I restarted clamd, but still the mails are stopped as infected:
Tue Feb 7 13:33:09 2012 ->
/var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p004:
BC.Exploit.CVE_2011_3412(6988ecb2df20c8d0a4f43ccdc4008136:1782277) FOUND
Tue Feb 7 13:33:09 2012 ->
/var/amavis/amavis-20120207T133055-06780-qWTSSGIn/parts/p002:
BC.Exploit.CVE_2011_3412(39fd7b52d5cde9f8599267f1eb0c5aab:1317888) FOUND
What am I doing wrong here? Running clamv 0.97.3
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
[email protected] Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
