Mailing List Archive

[clamav-users] how to exclude windows signatures when doing a clamscan ?
Hello,

I'm on Linux and I would like to exclude all signatures of Windows when doing a clamscan.
Can this be done?

Thanks.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] how to exclude windows signatures when doing a clamscan ?
Hi there,

On Mon, 28 Mar 2022, sp339 via clamav-users wrote:

> I'm on linux and I would like to exclude all signatures of Windows
> when doing a clamscan.
> Can this be done?

Not easily. If you can tell us your problem instead of asking how you
might solve it we might be able to manage your expectations better. :)

You could create your own databases but you'd need to script something
which would create them on every database update, otherwise they would
quickly get out of date. The characteristics of individual signatures
don't necessarily identify by operating system, so it wouldn't be easy
to filter out just the Windows signatures reliably. Would you want to
keep e.g. Microsoft 'Word' macro signatures? It's just about possible
that they might also apply to something like Open Office.

It's also worth considering onward transmission of something malicious
from an unaffected system to one which will be affected. We don't use
Windows boxes but everything which is scanned here is scanned not only
for the Windows signatures in the official databases but by many third
party signatures too, and many of them could be considered relevant to
Windows systems only.

Have you wondered if it's sensible to use *any* system to scan itself?

--

73,
Ged.
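
The filtering difficulty described in the reply above, as an added example that is not part of the original thread or ClamAV's own code: it classifies lines from unpacked database files (such as those produced by `sigtool --unpack`) by target type and name prefix. The sample lines are constructed, and the `Win.`/`Unix.`/`Osx.` prefix mapping is an assumption based on ClamAV's signature naming convention.

```python
import re
from collections import defaultdict

# Target-type numbers in .ndb/.ldb signatures: 1 = PE, 6 = ELF, 9 = Mach-O.
BINARY_TARGETS = {"1": "windows", "6": "other-os", "9": "other-os"}
# Assumed name prefixes from ClamAV's naming convention.
NAME_PREFIXES = {"Win.": "windows", "Unix.": "other-os", "Osx.": "other-os"}

def classify(line, ext):
    """Return (name, verdict) for one line of an unpacked database file."""
    if ext == "ndb":        # Name:TargetType:Offset:HexSignature
        name, target = line.split(":")[:2]
    elif ext == "ldb":      # Name;TargetDescriptionBlock;Logic;Subsig0;...
        name, tdb = line.split(";")[:2]
        m = re.search(r"Target:(\d+)", tdb)
        target = m.group(1) if m else "0"
    elif ext == "hdb":      # Hash:FileSize:Name (hash signatures have no target)
        name, target = line.split(":")[2], "0"
    else:
        raise ValueError(f"unsupported database type: {ext}")
    if target in BINARY_TARGETS:
        return name, BINARY_TARGETS[target]
    for prefix, verdict in NAME_PREFIXES.items():
        if name.startswith(prefix):
            return name, verdict
    return name, "undetermined"   # documents, scripts, mail, any-file sigs

def split_signatures(sample):
    """Group signature names by verdict; sample is a list of (ext, line)."""
    groups = defaultdict(list)
    for ext, line in sample:
        name, verdict = classify(line.strip(), ext)
        groups[verdict].append(name)
    return dict(groups)

# Constructed sample lines (names, hashes and hex bodies are illustrative).
SAMPLE = [
    ("ndb", "Win.Trojan.Example-1:1:*:4d5a9000deadbeef"),
    ("ndb", "Doc.Macro.Example-2:2:*:4175746f4f70656e"),
    ("ndb", "Unix.Trojan.Example-3:6:*:7f454c46cafebabe"),
    ("ldb", "Html.Exploit.Example-4;Engine:51-255,Target:3;0&1;3c696672616d65;68696464656e"),
    ("hdb", "d41d8cd98f00b204e9800998ecf8427e:0:Win.Test.Example-5"),
    ("hdb", "0cc175b9c0f1b6a831c399e269772661:1:Legacy.Trojan.Example-6"),
]

if __name__ == "__main__":
    for verdict, names in split_signatures(SAMPLE).items():
        print(f"{verdict:13} {names}")
```

Signatures in the undetermined group carry nothing that ties them to one operating system, which is why a prefix or target filter alone cannot separate "Windows signatures" reliably.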
