Hello Steve,

Thank you for your explanation.
I found that the last occurrence was about 11:22 CET, so I'm not affected now. When I got information about this problem, this was on my whitelist, as you wrote. Anyway, I know what happened. Once again - thank you!

Cheers,
Pawel

-----Original Message-----
From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Steve Basford
Sent: Tuesday, January 14, 2014 2:32 PM
To: ClamAV users ML
Subject: Re: [clamav-users] False positive - CRDF.Malware-Generic.3661413036.UNOFFICIAL

> Finally I found where this signature is located
> sigwhitelist.ign2:CRDF.Malware-Generic.3661413036
> Does someone know how I can bypass this signature? Which command?

Hi Pawel,

Just to add that seeing the signature in sigwhitelist.ign2 means that signature is in your whitelist already.

However, you must be using an older version of the download script, as ONLY the newest version of the script will use sigwhitelist.ign2 to whitelist sigs:

Eg:

Version 3.7.2 (updated 2013-08-25)
- Added Sanesecurity signature whitelist "sigwhitelist.ign2" file to the list of default databases in the config file.

Download available here:

http://sourceforge.net/projects/unofficial-sigs/

Cheers,

Steve
Sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml