I see you figured it out, but just to close this out...
As long as there is another entry on the next line, the a CR is OK. In your
case ClamAV was looking for a second entry and not finding one it assumed
malformation.
Sent from my iPad
-Al-
--
ClamXAV User
On Jul 16, 2022, at 12:32, joe a
Apparently resolved by having *only* the signature name on the line.
joe a
On 7/16/2022 3:32 PM, joe a wrote:
Does that include CR at the end of a line? Docs suggest multiple
ignores in one file, each on it's own line. Did I misread? (not the
first time)
joe a
On 7/16/2022 12:18 AM, Al
Does that include CR at the end of a line? Docs suggest multiple
ignores in one file, each on it's own line. Did I misread? (not the
first time)
joe a
On 7/16/2022 12:18 AM, Al Varnell via clamav-users wrote:
Yes, just make sure you don't have embedded spaces, carriage returns or
other
Yes, just make sure you don't have embedded spaces, carriage returns or other
invisible characters.
-Al-
--
ClamXAV User
> On Jul 15, 2022, at 8:43 PM, joe a wrote:
>
> That error was corrected, but now the error is "Malformed Database".
>
> Is it not a simple text string on a single line?
That error was corrected, but now the error is "Malformed Database".
Is it not a simple text string on a single line?
joe a.
On 7/15/2022 6:29 PM, joe a wrote:
My ignorance shows. Created file "/my_install_path/ignore_list.ign2" and
get this error:
"LibClamAV Error: cli_loadign: No
My ignorance shows. Created file "/my_install_path/ignore_list.ign2" and
get this error:
"LibClamAV Error: cli_loadign: No signature name provided"
Is the signature name not "PUA.Win.Trojan.Xored-1"
joe a.
On 7/15/2022 4:59 PM, Maarten Broekman via clamav-users wrote:
To turn it off
To turn it off entirely, you would create a file ending in .ign2 and put
the signature name in that file.
I'm not sure there is a good way to do it only for that particular sender,
unless you have a way to send those messages to a differently configured
ClamAV setup. I don't do a lot of email
Thank you. I believe I understand.
I was actually looking for a way to turn off checking for this
particular "PUA", hopefully just for this sender, while keeping PUA
checks still enabled for other cases.
In the past I've not had great success searching entirely on my own.
joe a.
On
A "PUA" is a "potentially unwanted application", not necessarily malicious.
You can disable PUA checks by ensuring that your clamd configuration has
"DetectPUA" set to no.
For reference, the signature is looking for bitwise math on CharCodeAt()
operations in HTML files.
VIRUS NAME: