> From: clamav-users on behalf of
> Brent Clark via clamav-users
> Sent: 10 April 2019 13:38
> To: ClamAV users ML
> Cc: Brent Clark
> Subject: Re: [clamav-users] Possible FP Doc.Trojan.Agent-6923110-0
>
> To whitelist a specific signature from the data
mav-users
Sent: 10 April 2019 13:38
To: ClamAV users ML
Cc: Brent Clark
Subject: Re: [clamav-users] Possible FP Doc.Trojan.Agent-6923110-0
To whitelist a specific signature from the database you just add the
signature name into a local file with the .ign2 extension and store it
inside /v
To whitelist a specific signature from the database you just add the
signature name into a local file with the .ign2 extension and store it
inside /var/lib/clamav.
i.e. echo 'Doc.Trojan.Agent-6923110-0' >> /var/lib/clamav/whitelist.ign2
HTH
Regards
Brent Clark
On 2019/04/10 13:46, Graeme Fow
Doc.Trojan.Agent-6923110-0 added 5th April (I think).
Detects potentially dodgy VB/VBA/VBScript macros in Excel docs, but we have one
user who has a completely genuine spreadsheet which contains several complex
database-lookup-related macros which are triggering that sig.
Nothing else has.
Unf