On 8/11/2022 6:34 PM, G.W. Haywood via clamav-users wrote:
Hi there,
On Thu, 11 Aug 2022, joe a wrote:
I do not understand why, when entering more than one URL, the first
line in my "exclude" file: "/var/lib/clamav/ImaOK2day.wdb" seems to be
able to match when entered "in plain text", while subsequent lines
seem to want actual "regex" notation (escaped "."), with only the
domains entered.
At least that is what it seems it takes to "run clean" when re-scanned in
debug mode.
To add to the above, I found a few recent emails containing the URLs
in the first entry, mentioned above, that were flagged. Those emails
passed without notice when scanned as above. I removed that first
entry, scanned again and the emails were flagged. I then entered those
URLs again, as the first line, this time in regex notation ("."
escaped, no "http or https"), scanned again, and it was not flagged.
Post your .wdb file here?
In the "old days" I would not hesitate, but in the current age, I do,
simply because it is essentially "public".
Would somewhat obfuscated be OK? Sent "off list" to volunteer victims?
Or posted to some less public place?