Entity Opt Dell

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, May 20, 2013

Whitelist files with Clamav

Posted on 3:26 AM by Unknown
Exclude files from scan :

Sometimes, you will need to whitelist files from a scan, clamscan offers the --exclude option but its usage is not really user-friendly...

Imagine that you need to exclude two files /data/rep/file1 and /data/rep2/file2, the command line would be :
 # clamscan -r -i --exclude=/data/rep/file1 --exclude=/data/rep2/file2  

This is fine if you have few files to whitelist but it quickly becomes unreadable when you have dozen files and directories.

The solution is to input a file to clamscan with xargs. Create a text file containing all files/directories you need to whiltelist (one file/directory per line) :
 # cat /var/lib/clamav/whitelist-files.txt  
/data/rep/file1
/data/rep2/file2

You can also add regexp like *.mp3 (be aware that this is quite dangerous)

Run clamscan with the following command :
 # sed -e 's/^/--exclude=/' /var/lib/clamav/whitelist-files.txt | xargs clamscan -r -i /directory_to_scan/  

Don't forget to put double quotes or escape when you exclude paths with special characters (especially spaces).

Last but not least, always double check that the files you're whitelisting are completely safe. You can check that out with a meta AV engine like Jotti :
http://virusscan.jotti.org/en

Whitelist a virus signature :

To whitelist a virus a signature, you need to get the ClamAV signature definition, this is the code you have on the right side of the infected file line. For example :
 /data/file.flv: CVE_2012_0773-2 FOUND  

In this case the signature definition is CVE_2012_0773-2, add it to /var/lib/clamav/whitelist-signatures.ign2

That's all ! Be very cautious when whitelisting Virus signatures.
Hope that helps !
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Anti Virus, Bash, ClamAV, cli, Linux, Script, Security, Shell, System | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Whitelist files with Clamav
    Exclude files from scan : Sometimes, you will need to whitelist files from a scan, clamscan offers the --exclude option but its usage is not...
  • omreport : failed to load external entity "/opt/dell/srvadmin/var/lib/openmanage/xslroot//oma/cli/about.xsl"
    If you're having the following error when executing omreport : I/O warning : failed to load external entity "/opt/dell/srvadmin/va...
  • Bash : Wait for a command with timeout
    Here is a very useful little command that wait for a process to finish and kill it if doesn't exit after a pre defined timeout. The comm...
  • Fixing the "ExSec32.dll is incompatible with Microsoft Outlook" Error
    The Problem I had a user who the the following error on the computer "The file ExSec32.dll is incompatible with Microsoft Outlook. Inst...
  • Easy way to find your public IP in scripts or CLI
    There is a lot of online tools that gives your public IP but most of them are either not accepting cli User-Agent or they requires nasty par...
  • Windows Update on Windows 7 failing at Configuring Updates
    The Problem So I had a strange problem. I have over the last couple of months had a problem where occasionally my computer when shutting dow...
  • Juniper JunOS transfer on commit fails
    I had quite a surprise when I discover that my transfer on commit stopped working on my SRX firewall. The error in the logfile was : ACCT_X...
  • Shrew VPN Client + Juniper SRX : "session terminated by gateway" (Autodisconnect)
    If like me, you're trying to connect to a Juniper dynamic VPN with Shrew VPN Client, be aware that this not yet possible. The connection...
  • IE8 Strikes again
    Summary: My wife tells me that the internet seems slow on our Desktop at home. She says it seems to get worse using 2 tabs. After using it ...
  • Enable LDAP SSL/TLS user authentification in Zabbix
    By default Zabbix Web interface doesn't offer the SSL/TLS encryption option for the LDAP connector however the feature is available in t...

Categories

  • 007
  • 7
  • A+
  • Academic
  • Anti Virus
  • Antivirus Live
  • Avaya
  • AverPen
  • Bash
  • Begin
  • broken
  • Bugs
  • CentOS
  • CentOS 6.3
  • Centos 6.4
  • Certifications
  • CIP
  • ClamAV
  • Clean Slate
  • cli
  • CompTIA
  • Dead
  • Deal
  • Dell
  • Desktops
  • DHCP
  • Digital Camera
  • EBS
  • Error
  • Exchange 2007
  • fail
  • fax
  • File Systems
  • Firefox
  • Firewall
  • Fix
  • Flashback
  • FMTG
  • Fraud
  • FTP
  • GPO
  • Hard drive
  • Hardware
  • ICOP
  • IE8
  • Imaging
  • In-Car Video
  • Internet
  • Internet Explorer
  • IPO
  • ISA
  • Juniper
  • Kernel
  • Kodak
  • License
  • Linux
  • Microsoft
  • Microsoft Office
  • NERC
  • Network
  • Network+
  • Networking
  • NFS
  • Office 2010
  • OpenManage
  • Outlook2010
  • PDF
  • Performances
  • Phones
  • Ports
  • Presentation
  • printer
  • Protection
  • RAID
  • Remote
  • Renewal
  • Scam
  • SCE
  • Script
  • Security
  • Security+
  • Services
  • Shell
  • Shrew
  • Silverlight
  • SMS
  • SRX
  • SteadyState
  • Symantec
  • sysinternals
  • System
  • Tech
  • Text
  • Timer
  • Times Up
  • Tip
  • UAC
  • Unbootable
  • update
  • Virus
  • Virus Removal
  • VPN
  • Whiteboard
  • Windows
  • Windows 8
  • Windows Phone
  • Windows Server
  • Windows Update
  • Wireless
  • WSUS
  • Yahoo
  • Zabbix

Blog Archive

  • ▼  2013 (36)
    • ►  October (5)
    • ►  September (1)
    • ►  August (1)
    • ►  July (4)
    • ►  June (2)
    • ▼  May (12)
      • omreport : failed to load external entity "/opt/de...
      • DRAC Firmware update failed : Error: 30001 Method ...
      • Yum stuck/hangs at "Running Transaction Test"
      • Umount a stalled/frozen NFS mount point
      • Remove absolute path from MD5 file
      • Whitelist files with Clamav
      • Multiple cluster per site, Site Recovery Manager (...
      • Enable LDAP SSL/TLS user authentification in Zabbix
      • Dell 11-12th gen 710-720 firmware update observations
      • Updated*** Dell OpenManage 7.2 on ESXi5 fails with...
      • Windows Server 2008R2 missing gateway IP address
      • Hello!
    • ►  April (6)
    • ►  March (2)
    • ►  February (1)
    • ►  January (2)
  • ►  2012 (9)
    • ►  September (1)
    • ►  April (3)
    • ►  March (1)
    • ►  January (4)
  • ►  2011 (18)
    • ►  December (2)
    • ►  November (1)
    • ►  October (1)
    • ►  September (3)
    • ►  August (2)
    • ►  July (1)
    • ►  May (1)
    • ►  March (1)
    • ►  February (2)
    • ►  January (4)
  • ►  2010 (13)
    • ►  December (2)
    • ►  November (1)
    • ►  October (2)
    • ►  August (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (2)
  • ►  2009 (7)
    • ►  December (2)
    • ►  October (4)
    • ►  September (1)
Powered by Blogger.

About Me

Unknown
View my complete profile