Bill... I wrote the response to your query about whitelisting the TRUE-POSITIVE file.
As a general rule you *NEVER* EVER whitelist a TRUE-POSITIVE... what would be the point of an Anti-(Virus/Malware/Trojan) system then?

On Fri, 2014-05-09 at 14:58 -0400, Bill Bennert wrote:
> Hi Alain,
> That was exactly what I was looking for. The idea of doing that was
> not sitting right with me. I will find another way to handle this file
> that will keep coming back from git when I do pulls.
>
> Thank you,
> -Bill
>
> On 05/09/2014 02:48 PM, Greg Folkert wrote:
> > On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote:
> >> Hi Alain,
> >> I greatly appreciate your time in confirming this. In response, I did
> >> some additional research and understand that it is a true positive since
> >> the file runs a test for that exact condition. Would white-listing it
> >> using a file signature hash be a valid measure, or would that be a bad idea?
> >> This is the first time I've encountered a true positive on a file I
> >> would normally keep and want to make sure I handle it appropriately.
> > Why would you do this in the first place? You are unquestionably
> > guaranteeing a True-Positive to get through. That could be exploited...
> > or not.
> >
> > Just make sure you realize what you are doing, not having blinders on.
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

--
greg folkert - systems administration and support
web: donor.com email: [email protected]
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)

"It is quality rather than quantity that matters."
-- Lucius Annaeus Seneca
