Mailing List Archive

ignore yara rule
Hi,

Using clamav-unofficial-signatures and I'm trying to ignore a yara rule due to many FPs. The blocked message refers to the YARA.invalid_trailer_structure.UNOFFICIAL as the offending signature. However, entering any of following in local.ign2 file, clamav ignores it and keeps blocking:

YARA.invalid_trailer_structure

Any idea what I'm doing wrong here?

thanks
Re: ignore yara rule [ In reply to ]
Hello Dino,

echo -n "invalid_trailer_structure" >>local.ign2
should do the job.


Le 12/04/2022 à 18:58, Dino Edwards via clamav-users a écrit :
> Hi,
>
> Using clamav-unofficial-signatures and I’m trying to ignore a yara rule
> due to many FPs. The blocked message refers to the
> YARA.invalid_trailer_structure.UNOFFICIAL as the offending signature.
> However, entering any of following in local.ign2 file, clamav ignores it
> and keeps blocking:
>
> *YARA.invalid_trailer_structure*
>
> Any idea what I’m doing wrong here?
>
> thanks
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.60.47.09.81
E-mail : aj@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml