To whitelist specific files this way, you need to add the m5sum to a file with the .fp extension. So, in your example, it should be sigtool --md5 my_file_name.exe >> local.fp
If you want to ignore the signature altogether, you add the signature name to a file with the extension ign2. For what it's worth, this is on page 23 of the "signatures.pdf" document that ships with the ClamAV source code. Best regards Mark > On 5 Apr 2017, at 9:49 am, Gaurav Kumar Garg <gaurav.g...@uniscon.de> wrote: > > Hi ClamAV user, developer, > > I am new to clamAV. I like its design. > > While scanning i saw few false positive virus. I search on internet and found > out that i can avoid these false positive by writing md5 sum to local.ign > file and putting this file in /var/lib/clamav/* directory. then restarting > clamd daemon. > > > Its partially working, means it working when i scan false positive file with > clamscan -d and its not working with clamdscan. > > > Steps for creating local.ign file: > > > $ sigtool --md5 my_file_name.exe >> local.ign > > > after that i put this file in /var/lib/clamav/* directory and restarted clamd > daemon. > > > when i execute $ clamscan -d /var/lib/clamav/local.ign my_file_name.exe then > its not reporting false positive, its working perfectly. > > > But when i scan this file using clamdscan then its still reporting false > positive. > > > Could anyone help me regarding this false positive avoidance. > > > I can not submit my false positive file because of some business ethics and > compliance. > > > Thank you in advance, > > > Regards, > > Gaurav > > > _______________________________________________ > clamav-users mailing list > clamav-us...@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net http://www.clamav.net/contact.html#ml
