On 28.03.2017 at 13:53, Jonas Manusch wrote:
Cheers folks, since last weekend my clamscan states Heuristics.Filetype.ZipWithJS-6162396-0 FOUND on some files. These files are from 2015 and I assume it to be a false positive. Since these files contain sensitive data I cannot hand them out to third parties. I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in the ClamAV source code, but without success. So I got here with a couple of questions:
1. Where can I find information about what kind of threat this is?
many of the cryptomalware are .js files within zip archives and .js on windows is executable due to windows scripting host - the major use case of clamav is for inbound mailservers
2. How could I disable only this one type?
you can only disable heuristics altogether and can't whitelist a single type, which is a design mistake
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
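Added example, not part of the original thread and not ClamAV's detection logic: a local triage script that lists the `.js` members of a zip archive (following nested zips), so flagged files holding sensitive data can be reviewed without handing them to a third party. The function names, the extension list, the nesting and size limits, and the sample archive are assumptions constructed for this example.

```python
import io
import sys
import zipfile
import zlib

SCRIPT_EXTS = (".js",)            # assumption: the extension named in the reply above
MAX_NESTED = 50 * 1024 * 1024     # assumption: skip nested zips declaring > 50 MiB

def script_members(data, depth=0, max_depth=3, prefix=""):
    """Return paths of script members in a zip given as bytes; 'outer.zip!inner' marks nesting."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found                      # not a zip: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                found.append(path)
            elif lower.endswith(".zip") and depth < max_depth and info.file_size <= MAX_NESTED:
                try:
                    inner = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                    continue              # encrypted, unsupported or corrupt member
                found.extend(script_members(inner, depth + 1, max_depth, path + "!"))
    return found

def build_sample():
    """Constructed sample: a harmless report export that still contains .js files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Invoice.JS", "// constructed placeholder\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report/data.csv", "a,b\n1,2\n")
        z.writestr("report/assets/chart.js", "// constructed placeholder\n")
        z.writestr("old/backup.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for name in sys.argv[1:]:             # usage: python zipjs.py flagged1.zip flagged2.zip
        with open(name, "rb") as fh:
            for member in script_members(fh.read()):
                print(f"{name}: {member}")
```

Members it lists can then be read by hand to decide whether the archive is, say, an old web export or an unexpected script attachment.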