Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

False Positive Exception list ?

 

 

ClamAV users RSS feed   Index | Next | Previous | View Threaded


Thomas.Kern at hq

Jun 18, 2012, 9:41 AM

Post #1 of 2 (342 views)
Permalink
False Positive Exception list ?

We have a few hundred PDFs that contain strings that trigger the DLP as credit card or SSN strings. These are false positives. The files have been examined to make sure that such private information is not in them, but there is real information that fits the same structure and triggers the DLP. We would like to continue to use DLP but do not want to wade through this long list of false positives every day.

Is there some mechanism to have a "false positive" exception file listing all the files that we know are false positives, so that Clamav will not report that on it?

--
Thomas Kern
ActioNet, Inc.
On contract to:
U.S. Department of Energy
301-903-2211 (Office)
301-905-6427 (Mobile)


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


ged at jubileegroup

Jun 19, 2012, 5:10 AM

Post #2 of 2 (322 views)
Permalink
Re: False Positive Exception list ? [In reply to]

Hi there,

On Mon, 18 Jun 2012, Kern, Thomas wrote:

> We have a few hundred PDFs that contain strings that trigger the DLP
> as credit card or SSN strings. These are false positives. The files
> have been examined to make sure that such private information is not
> in them, but there is real information that fits the same structure
> and triggers the DLP. We would like to continue to use DLP but do
> not want to wade through this long list of false positives every day.

You can create a database containing the signatures which you do not
wish to cause files to be flagged as suspect. It's explained in the
ClamAV user documentation.

> Is there some mechanism to have a "false positive" exception file
> listing all the files that we know are false positives, so that
> Clamav will not report that on it?

Standard Unix/Lilnux tools can do that for you very easily.

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.