Hello, Is there any way to whitelist a file based on it's signature *and* it's filename?
My case is about a legit PDF file embedding JavaScript sent by users by email. Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is always different (probably because users are saving form data inside). I am aware of the ".ign2" file to list signatures to ignore: https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature But I am afraid it would also whitelist real ransomware or virus embedded into PDF files, which is way too dangerous. Therefore I would like to reduce it's scope; I can only think of adding the file name, which in my case should almost always be the same (the MD5 and file size are always differents). Maybe using the ".fp" file could helps, if only it would not require the MD5 hash and the filesize: http://pig.made-it.com/clamav.html Thanks, -- Mathieu _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
