[Clamav-devel] how to avoid false positive in clamAV

2017-04-05 Thread Gaurav Kumar Garg
Hi ClamAV user, developer, I am new to ClamAV. I like its design. While scanning I saw a few false positive viruses. I searched on the internet and found out that I can avoid these false positives by writing the md5 sum to a local.ign file and putting this file in the /var/lib/clamav/* directory. then

Re: [Clamav-devel] [clamav-users] how to avoid false positive in clamAV

2017-04-05 Thread Mark Allan
To whitelist specific files this way, you need to add the md5sum to a file with the .fp extension. So, in your example, it should be sigtool --md5 my_file_name.exe >> local.fp If you want to ignore the signature altogether, you add the signature name to a file with the extension ign2. For

Re: [Clamav-devel] ClamAV In-Memory Scan

2017-04-05 Thread Eugene Crosser
On 04/05/2017 09:27 PM, Michael Engstler wrote:
> Hi,
> I noticed that when using the INSTREAM command and sending it a memory
> buffer of a file, clamd takes the memory buffer and saves it to
> the TemporaryDirectory (as defined in the config file).
>
> This is an unnecessary overhead as it

Re: [Clamav-devel] ClamAV In-Memory Scan

2017-04-05 Thread Brandon Perry
> On Apr 5, 2017, at 2:27 PM, Michael Engstler wrote:
>
> Hi,
> I noticed that when using the INSTREAM command and sending it a memory
> buffer of a file, clamd takes the memory buffer and saves it to
> the TemporaryDirectory (as defined in the config file).
>
> This is

[Clamav-devel] ClamAV In-Memory Scan

2017-04-05 Thread Michael Engstler
Hi, I noticed that when using the INSTREAM command and sending it a memory buffer of a file, clamd takes the memory buffer and saves it to the TemporaryDirectory (as defined in the config file). This is an unnecessary overhead as it requires disk IO in order to scan the file which is already

Re: [Clamav-devel] ClamAV In-Memory Scan

2017-04-05 Thread Michael Engstler
Hi, Thanks for the quick response. Your suggestion sounds interesting, but from what I've seen if you give clamd a file path, it would copy the file to the temporary directory and perform its tests on the copied file. This means that even if I memory map my file, the test would still be done