Hello,
We have faced an issue with CXS & MailScanner in the past 2 days, which are considering most of the files & emails as viruses.
# ClamAV detected virus = [MBL_349876.UNOFFICIAL]:
# ClamAV detected virus = [MBL_340040.UNOFFICIAL]
MBL_349876.UNOFFICIAL
MBL_340040.UNOFFICIAL
As I checked, both are false positive reports. I have tried to whitelist / ignore these signatures via ClamAV, which didn't work.
Is there anyone who has experienced this issue before?
I was wondering if anyone could let me know how to ignore these signatures.
Regards
MNT
MBL , how to ignore/whitelist a Clamav Signature
Re: MBL , how to ignore/whitelist a Clamav Signature
I wonder, 3 times these signatures changed.
# ClamAV detected virus = [MBL_349876.UNOFFICIAL]:
to
# ClamAV detected virus = [MBL_340040.UNOFFICIAL]
to
# ClamAV detected virus = [MBL_339871.UNOFFICIAL]:
Re: MBL , how to ignore/whitelist a Clamav Signature
We have just whitelisted the signatures.
clamscan -ri > this command doesn't find any virus on our sites,
but the problem is CXS is still detecting the virus. What to do?
Re: MBL , how to ignore/whitelist a Clamav Signature
See this thread on the clamav forum:
http://www.gossamer-threads.com/lists/c ... sers/59100
When using the unofficial signatures you should expect false positives, unfortunately. You could try removing the MBS sigs from your unofficial sigs script and from the clamav database at /usr/local/share/clamav.
Regards,
Sarah
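A narrower alternative to removing the whole MBL database, shown as an added example that is not part of the original posts: ClamAV skips any signature whose name is listed in a *.ign2 file in its database directory, so only the false-positive entries are disabled. The file name local.ign2 and the helper function names are assumptions; the sample detections are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread). Collect the signature names that a
# scanner log reports and append them to a ClamAV ignore list (*.ign2).

# extract_sig_names: read log text on stdin, print unique signature names.
# ".UNOFFICIAL" is a suffix ClamAV adds when reporting third-party
# signatures; it is not part of the name stored in the database, so it
# must be stripped before the name goes into the ignore list.
extract_sig_names() {
    sed -n 's/.*ClamAV detected virus = \[\([A-Za-z0-9._-]*\)\].*/\1/p' |
        sed 's/\.UNOFFICIAL$//' |
        sort -u
}

# add_to_ign2 FILE: append names from stdin to FILE, one per line,
# skipping names that are already listed (safe to run repeatedly).
add_to_ign2() {
    ign_file=$1
    touch "$ign_file" || return 1
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        grep -qxF -- "$name" "$ign_file" || printf '%s\n' "$name" >> "$ign_file"
    done
}

# Sample input: the detection lines quoted in this thread.
sample_log() {
    cat <<'EOF'
# ClamAV detected virus = [MBL_349876.UNOFFICIAL]:
# ClamAV detected virus = [MBL_340040.UNOFFICIAL]
# ClamAV detected virus = [MBL_339871.UNOFFICIAL]:
# ClamAV detected virus = [MBL_349876.UNOFFICIAL]:
EOF
}

# Usage with the database directory named in the thread (assumed writable):
#   sample_log | extract_sig_names | add_to_ign2 /usr/local/share/clamav/local.ign2
```

clamd only picks up the ignore list when it reloads its databases, for example with clamdscan --reload. Review the list periodically, since an ignored name stays ignored even if the signature is later corrected upstream.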
Re: MBL , how to ignore/whitelist a Clamav Signature
Removed the rules from the following files, it's working fine now, thank you.
/usr/unofficial-dbs/mbl-dbs
/usr/local/share/clamav/mbl.ndb
Re: MBL , how to ignore/whitelist a Clamav Signature
Hi,
Due to this issue I have changed many settings (it's working fine now).
I'll be pleased if you could check the following lines and let me know whether these lines should be enabled by default or not!
Config file: /etc/Clamav-unofficial-sigs.conf
# Mbl_dbs="
# mbl.ndb
# "
#mbl_update_hours="6"