Thanks much for your prompt response!
On 11/22/2015 9:11 AM, Steve basford wrote:
Create a localfp.ign2 file with the following line in it in your
ClamAV database folder:
Swf.Exploit.CVE_2015_7645
Restart clamd
Hopefully the FP will be officially fixed soon.
Cheers,
Steve
Web: sanesecurity.com
Blog: sanesecurity.blogspot.com
On 22 November 2015 12:52:04 "Orrick, Diana" <orr...@fsu.edu> wrote:
Hello,
I haven't has any response to filing a number of False Positive reports,
should I have?
I do appreciate the limits of the support folks, really. Just trying to
understand
how FP are handled and what the expectations should be.
We've had another round of scans and the same servers,
same files are flagged by ClamAV (only) again for
Swf.Exploit.CVE_2015_7645.
These are showing up on Linux servers that do not have the flash rpm
referenced in the CVE.
I've looked through the archives and the admin manual for some
reference to
creating a 'local whitelist record' but don't find much. Would someone
point
me to the terms I should search on for the whitelist creation process,
please?
Thanks for your assistance.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diana Mayer Orrick
Florida State University
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diana Mayer Orrick
Enterprise Systems Security
Information Technology Services
Florida State University
orr...@fsu.edu <mailto:orr...@fsu.edu>- (850) 645-8009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
