Hi ClamAV user, developer,
I am new to clamAV. I like its design.
While scanning i saw few false positive virus. I search on internet and
found out that i can avoid these false positive by writing md5 sum to
local.ign file and putting this file in /var/lib/clamav/* directory.
then
To whitelist specific files this way, you need to add the m5sum to a file with
the .fp extension. So, in your example, it should be sigtool --md5
my_file_name.exe >> local.fp
If you want to ignore the signature altogether, you add the signature name to a
file with the extension ign2.
For
On 04/05/2017 09:27 PM, Michael Engstler wrote:
> Hi,
> I noticed that when using the INSTREAM command and sending it a memory
> buffer of a file, clamd takes the memory buffer and saves it to
> the TemporaryDirectory (as defined in the config file).
>
> This is an unnecessary overhead as it
> On Apr 5, 2017, at 2:27 PM, Michael Engstler wrote:
>
> Hi,
> I noticed that when using the INSTREAM command and sending it a memory
> buffer of a file, clamd takes the memory buffer and saves it to
> the TemporaryDirectory (as defined in the config file).
>
> This is
Hi,
I noticed that when using the INSTREAM command and sending it a memory
buffer of a file, clamd takes the memory buffer and saves it to
the TemporaryDirectory (as defined in the config file).
This is an unnecessary overhead as it requires disk IO in order to scan the
file which is already
Hi,
Thanks for the quick response.
Your suggestion sounds interesting, but from what I've seen if you give
clamd a file path, it would copy the file to the temporary directory and
perform its tests on the copied file.
This means that even if i memory map my file, the test would still be done