Hello,
You can create the following file in order to whitelist virus definitions with ClamAV:
For example, if ClamAV detected a virus on a test.swf file like this:
You would run the following commands to whitelist that definition:
Thank you.
You can create the following file in order to whitelist virus definitions with ClamAV:
Code:
/usr/local/cpanel/3rdparty/share/clamav/local.ign2
Code:
# /usr/local/cpanel/3rdparty/bin/clamscan /home/123
/home/123/test.swf: Swf.Exploit.CVE_2016_0968-1 FOUND
Code:
echo Swf.Exploit.CVE_2016_0968-1 >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
/scripts/restartsrv_clamdI tried creating a local.ign2 file as indicated above to whitelist a particular signature but clamscan still detects it.
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --version
ClamAV 0.99.2/23499/Thu Jun 22 21:12:26 2017
[root@server ~]# echo "BC.Pdf.Exploit.CVE_2017_3033" >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
[root@server ~]# /scripts/restartsrv_clamd
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan MYFILE.pdf
clamd says it restarted successfully.
clamscan shows the same results with or without the local.ign2 file.
local.ign2 contains only the one line as created above.
Even though clamav is not from cPanel, any suggestions?
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --version
ClamAV 0.99.2/23499/Thu Jun 22 21:12:26 2017
[root@server ~]# echo "BC.Pdf.Exploit.CVE_2017_3033" >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
[root@server ~]# /scripts/restartsrv_clamd
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan MYFILE.pdf
clamd says it restarted successfully.
clamscan shows the same results with or without the local.ign2 file.
local.ign2 contains only the one line as created above.
Even though clamav is not from cPanel, any suggestions?
clamscan debug information shows the following:
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --debug MYFILE.pdf 2>&1 | grep -e 'local.ign2' -e 'CVE_2017_3033'
LibClamAV debug: /usr/local/cpanel/3rdparty/share/clamav/local.ign2 loaded
LibClamAV debug: Bytecode 6311970.cbc(60) has logical signature: BC.Pdf.Exploit.CVE_2017_3033-6311970-3.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
LibClamAV debug: Bytecode 6316401.cbc(61) has logical signature: BC.Pdf.Exploit.CVE_2017_3033.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
LibClamAV debug: Bytecode found virus: BC.Pdf.Exploit.CVE_2017_3033
LibClamAV debug: BC.Pdf.Exploit.CVE_2017_3033 found
LibClamAV debug: FP SIGNATURE: a32e841105b6f53a6d85c9d8e57e2cb5:2626574:BC.Pdf.Exploit.CVE_2017_3033
MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND
So the ignore file local.ign2 is loaded but the signature is still being searched for and found.
[root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --debug MYFILE.pdf 2>&1 | grep -e 'local.ign2' -e 'CVE_2017_3033'
LibClamAV debug: /usr/local/cpanel/3rdparty/share/clamav/local.ign2 loaded
LibClamAV debug: Bytecode 6311970.cbc(60) has logical signature: BC.Pdf.Exploit.CVE_2017_3033-6311970-3.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
LibClamAV debug: Bytecode 6316401.cbc(61) has logical signature: BC.Pdf.Exploit.CVE_2017_3033.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
LibClamAV debug: Bytecode found virus: BC.Pdf.Exploit.CVE_2017_3033
LibClamAV debug: BC.Pdf.Exploit.CVE_2017_3033 found
LibClamAV debug: FP SIGNATURE: a32e841105b6f53a6d85c9d8e57e2cb5:2626574:BC.Pdf.Exploit.CVE_2017_3033
MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND
So the ignore file local.ign2 is loaded but the signature is still being searched for and found.
Hello,
Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.
Thank you.
Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.
Thank you.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| J | Need to restart mysql database without root user access | Databases | 3 | |
| E | Mysql Database restore / reinstall / rebuild CentOs Cpanel | Databases | 5 | |
| D | How to remove clamav additional databases | Databases | 1 | |
|
LibClamAV Error: cli_loaddb(): No supported database files found. | Databases | 0 | |
| I | Clamav/MySQL | Databases | 3 |