Hello.

Regarding your first question you can execute the following
tools from the command line:

sigtool --find-sigs=Heuristics.Filetype.ZipWithJS-6162396-0 | sigtool --decode-sigs

'ZipWithJS' is for sure not in the ClamAV source code: it is just a part
of a string used to identify the signature of a possible threat (and
signature archives are distributed separately from ClamAV).

Regarding your second question: you can create a whitelist
file which contains all the signatures that ClamAV should ignore.

Ref: https://www.clamav.net/documents/how-do-i-ignore-whitelist-a-clamav-signature

Usually this whitelist file should reside in the same directory
where ClamAV has installed the signature archives (on most
Linux installations it is by default under /var/lib/clamav).

Regards,
   Matteo

On 03/28/2017 01:53 PM, Jonas Manusch wrote:
Cheers folks,

since last weekend my clamscan states

Heuristics.Filetype.ZipWithJS-6162396-0 FOUND

on some files. These files are from 2015 and I assume it to be a false positive. Since these files contain sensitive data I cannot hand them out to third parties. I tried to find out what the above means, but only found very little information that was not really helpful. Also tried to find 'ZipWithJS' in ClamAV source code, but without success. So I got here with a couple of questions:

1. Where can I find information about what kind of threat this is?
2. How could I disable only this one type?

Thanks.

Jonas

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
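
The whitelist step from the reply above, as an added example that is not part of the original thread: it pulls the signature name out of a clamscan result line and records it once in an ignore file. It assumes the file is named local.ign2 (one signature name per line, the format the referenced ClamAV document describes); the function names and the demo directory are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: the ignore file is "local.ign2" in the ClamAV database
# directory (commonly /var/lib/clamav), one signature name per line.

# Print the signature name from one clamscan result line
# ("<path>: <signature> FOUND"); print nothing for any other line.
sig_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/^.*: \(.*\) FOUND$/\1/p' |
        sed 's/\.UNOFFICIAL$//'   # suffix clamscan appends to third-party signatures
}

# Add one signature name to <dbdir>/local.ign2, at most once.
# Usage: ignore_sig <dbdir> <signature-name>
ignore_sig() {
    dbdir=$1
    sig=$2
    case $sig in
        ''|*[!A-Za-z0-9._-]*)
            # Reject empty names and anything that is not a plain signature name.
            echo "refusing unexpected signature name: $sig" >&2
            return 1 ;;
    esac
    ign="$dbdir/local.ign2"
    touch "$ign" || return 1
    # -x whole line, -F literal string: dots in the name are not wildcards.
    grep -qxF -- "$sig" "$ign" || printf '%s\n' "$sig" >> "$ign"
}

# Demo on a constructed result line and a scratch directory, so nothing
# under the real database directory is touched.
demo() {
    dir=$(mktemp -d) || return 1
    line='/srv/archive/2015/report.zip: Heuristics.Filetype.ZipWithJS-6162396-0 FOUND'
    sig=$(sig_from_line "$line")
    ignore_sig "$dir" "$sig" && ignore_sig "$dir" "$sig"   # second call adds nothing
    cat "$dir/local.ign2"
    rm -rf "$dir"
}

demo
```

Decode the signature with the sigtool command from the reply before ignoring it, since an entry in the ignore file disables that signature for every file scanned, not only the 2015 archives.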
