ged at jubileegroup
Jun 19, 2012, 5:10 AM
Post #2 of 2
On Mon, 18 Jun 2012, Kern, Thomas wrote:
> We have a few hundred PDFs that contain strings that trigger the DLP
> as credit card or SSN strings. These are false positives. The files
> have been examined to make sure that such private information is not
> in them, but there is real information that fits the same structure
> and triggers the DLP. We would like to continue to use DLP but do
> not want to wade through this long list of false positives every day.
You can create a database containing the signatures which you do not
wish to cause files to be flagged as suspect. It's explained in the
ClamAV user documentation.
> Is there some mechanism to have a "false positive" exception file
> listing all the files that we know are false positives, so that
> Clamav will not report that on it?
Standard Unix/Lilnux tools can do that for you very easily.
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net