Difference between revisions of "Virus False Positive"
Revision as of 14:29, 15 November 2016
CanIt uses Clam Antivirus as the primary method for detecting viruses within attachments. ClamAV works by looking for known virus signatures: a segment of code that can be used to identify the specific malicious behaviour. In rare instances, this method will produce false positives if a signature was wrongly or poorly identified.
The source that ClamAV uses to aggregate these signatures is SaneSecurity. You can report the false-positive to them at this address:
Manual Removal (CanIt-Pro and Domain-Pro only)
If you'd like ClamAV to ignore specific virus signatures, this needs to be defined on all machines as follows:
Append to local 'ignore' file, where 'Sanesecurity.Virus.Code.###' is the name of the signature as defined in the "detail=" header of the false-positive:
echo 'Sanesecurity.Virus.Code.###' >> /var/lib/clamav/local.ign2
Restore ownership of the 'ignore' file to the clamav user:
chown clamav:clamav /var/lib/clamav/local.ign2
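The two steps above can be wrapped in an idempotent helper so that re-running it on each machine never duplicates or mangles an entry. This is an added example, not CanIt's or ClamAV's own tooling; the add_ignore function, the IGN_FILE override and the allowed character set for signature names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent form of the append + chown steps above.
# IGN_FILE defaults to the path given on this page; override it to test.
IGN_FILE="${IGN_FILE:-/var/lib/clamav/local.ign2}"

# add_ignore SIGNATURE   (hypothetical helper name)
# Returns 0 if the entry was added, 1 if already present, 2 on bad input.
# Usage: add_ignore "<signature name from the detail= header>"
add_ignore() {
    sig="$1"
    # Assumption: names consist of letters, digits, '.', '_' and '-'.
    # This rejects empty input, whitespace and shell metacharacters.
    case "$sig" in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid signature name: '$sig'" >&2
            return 2 ;;
    esac
    # -F fixed string, -x whole line: 'Foo.1' must not match 'Foo.12'.
    if [ -f "$IGN_FILE" ] && grep -Fxq -- "$sig" "$IGN_FILE"; then
        return 1
    fi
    # If the last line has no trailing newline, add one so the new entry
    # is not glued onto the previous signature name.
    if [ -s "$IGN_FILE" ] && [ -n "$(tail -c 1 "$IGN_FILE")" ]; then
        printf '\n' >> "$IGN_FILE"
    fi
    printf '%s\n' "$sig" >> "$IGN_FILE"
    # Restore ownership as in the second step; this needs root and an
    # existing clamav account, so it is skipped otherwise.
    if [ "$(id -u)" -eq 0 ] && id clamav >/dev/null 2>&1; then
        chown clamav:clamav "$IGN_FILE"
    fi
    return 0
}
```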