Hi all, Now I use Snort-2.9.2.1 and clamd-0.97.3-3 on the same OS, Scientific Linux 6.1 (i686). Since around a month ago, whenever daily clamscan is finished, the same following False Positive has been detected and the files have been mandatorily deleted:
/etc/snort/rules/web-client.rules: CVE_2005_1342 FOUND /etc/snort/rules/shellcode.rules: Exploit.Alpha_Upper FOUND /etc/snort/rules/web-activex.rules: CVE_2011_3397-6 FOUND I thought this issue was FP and reported it to the site below, but it has still been detected even if I update the .cvd file and no fix has not seemed to be provided. http://www.clamav.net/lang/en/sendvirus/submit-fp/ I temporarily exclude "/etc/snort/rules" directory from the target one of clamscan. What should I do later? Regards, Yoshii _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
