Hi Greg,

Sorry, noticed that you were you after I sent my response. You are absolutely right, and that is exactly why I asked the list first before blindly proceeding down that road. My first reaction was just 'delete the file'. But where it would return any time I pulled the master branch in git, or if I need to run the test, I was looking for another solution that would reduce the noise coming from clamav so I do not find myself later ignoring future messages. Looks like I'm back to just deleting the file whenever it shows up.

Thank you,
-Bill

On 05/09/2014 03:11 PM, Greg Folkert wrote:
> Bill... I wrote the response to your query about whitelisting the
> TRUE-POSITIVE file.
>
> As a general rule you *NEVER* EVER whitelist a TRUE-POSITIVE... what
> would be the point of an Anti-(Virus/Malware/Trojan) system then.
>
> On Fri, 2014-05-09 at 14:58 -0400, Bill Bennert wrote:
>> Hi Alain,
>> That was exactly what I was looking for. The idea of doing that was
>> not sitting right with me. I will find another way to handle this file
>> that will keep coming back from git when I do pulls.
>>
>> Thank you,
>> -Bill
>>
>> On 05/09/2014 02:48 PM, Greg Folkert wrote:
>>> On Fri, 2014-05-09 at 14:17 -0400, Bill Bennert wrote:
>>>> Hi Alain,
>>>> I greatly appreciate your time in confirming this. In response, I did
>>>> some additional research and understand that it is a true positive since
>>>> the file runs a test for that exact condition. Would white-listing it
>>>> using a file signature hash be a valid measure, or would that be a bad idea?
>>>> This is the first time I've encountered a true positive on a file I
>>>> would normally keep and want to make sure I handle it appropriately.
>>> Why would you do this in the first place. You are unquestionably
>>> guaranteeing a True-Positive to get through. That could be exploited...
>>> or not.
>>>
>>> Just make sure you realize what you are doing, not having blinders on.
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml