Using clamav on an Ubuntu Server postfix system. We have an issue where
so far just Excel (xlsx) files are getting falsely flagged as having the
following virus:

    250 2.7.0 Ok, discarded, id=14037-01 - INFECTED: Emf.Exploit.CVE_2017_16395-6376329-0

Virus scanner output:

    p003: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND
    p005: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND

Having searched up information I found it's probably easiest just to
whitelist this signature. However, whatever I do doesn't seem to work.
I have added CVE_2017_16395-6376329-0
to a file at /var/lib/clamav/whitelist.ign2 as well as to
whitelist-signatures.ign2 since there are references out on the
internet to name the file one way or the other. Since it wasn't
working, I changed user and group to clamav on these files. I also
reloaded clamav-daemon. But still the files are quarantined as infected.
Any other clues?
Thanks!
_______________________________________________
clamav-users mailing list
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
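
Added example (not part of the original post and not ClamAV project code): a shell check of whether an .ign2 file holds an entry equal to the full signature name the scanner reports, run on the FOUND lines and the entry quoted in the post. It assumes one plain signature name per .ign2 line and that an entry only takes effect when it equals the full reported name; the function names and scratch files are made up for the illustration.

```shell
# Added example. Assumption: each .ign2 line is one plain signature name,
# and an entry only suppresses a detection when it equals the full
# reported name.

# Unique signature names from "<part>: <name> FOUND" lines on stdin.
found_signatures() {
    sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | sort -u
}

# ign2_covers NAME FILE: succeeds only if FILE has a line equal to NAME.
ign2_covers() {
    tr -d '\r' < "$2" | grep -Fxq -e "$1"
}

# partial_entries NAME FILE: entries that are only a fragment of NAME.
partial_entries() {
    tr -d '\r' < "$2" | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case "$1" in
            "$entry") ;;                          # exact match, not a fragment
            *"$entry"*) printf '%s\n' "$entry" ;; # substring of the full name
        esac
    done
}

# check_ign2 FILE: scanner output on stdin, one verdict line per signature.
check_ign2() {
    found_signatures | while IFS= read -r sig; do
        if ign2_covers "$sig" "$1"; then
            echo "covered $sig"
        else
            frag=$(partial_entries "$sig" "$1" | head -n 1)
            echo "missing $sig${frag:+ (fragment in file: $frag)}"
        fi
    done
}

# Sample data: the two FOUND lines and the entry quoted in the post,
# written to a scratch directory (constructed, not a live database dir).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf '%s\n' 'p003: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND' \
              'p005: Emf.Exploit.CVE_2017_16395-6376329-0 FOUND' > "$work/scan.txt"
printf '%s\n' 'CVE_2017_16395-6376329-0' > "$work/partial.ign2"
printf '%s\r\n' 'Emf.Exploit.CVE_2017_16395-6376329-0' > "$work/full.ign2"

check_ign2 "$work/partial.ign2" < "$work/scan.txt"
check_ign2 "$work/full.ign2" < "$work/scan.txt"
```

To run it against a real setup, pass the actual .ign2 path to check_ign2 and feed it the scanner output on stdin.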