Discussion:
[clamav-users] Rogue definition Pdf.Exploit.CVE_2018_12798-6633682-0 causing a LOT of FP's
Groach
2018-08-11 09:25:13 UTC
I have a nightly scan. Last night's report now looks like this (extract):

D:\Datastore\hMailData\mydomain.net\4B\{4B794DE7-4DB0-4542-B8C3-BED2122A8238}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\F5\{F51B0223-3606-40D8-A5F1-2C3F2D0249CF}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\0C\{0C03ECFE-19C0-4434-BA5F-E2612171E6AB}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\15\{158D145C-A1E3-4657-A41C-AAD5E3E323AA}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\15\{15EDC37B-2D06-4BB9-B50D-E216B76D96F4}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\20\{2088EE70-E979-4300-A135-E6242F4F7BA1}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\22\{22BA0B38-024E-4468-BC6F-92E55CEFB998}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\41\{41E3410E-D480-4C07-A57D-7144D2739AC3}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\45\{4500489E-78C8-4384-B93E-B543412ADFCD}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\45\{453329F7-BFF1-4DC3-8179-88234963B759}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\47\{47D49FF6-8813-405F-85B3-27AFB674581F}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\4C\{4C84EAC1-248B-4767-9B45-D533194306C7}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\4D\{4D81A733-3A24-4269-A995-CE9F4B737BAE}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\55\{55ACC46A-B1FE-4E88-B9AF-E9BD3560BA1C}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\58\{58C08BD2-942F-44AC-8009-F4B8E9E507DF}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\5D\{5DE02DA0-C788-464F-86F4-BD2AE7374039}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\5E\{5E79E62C-B51D-45B9-BD36-F2BD995C955C}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\66\{668AF3A4-C4A6-4117-930A-2D4CA783DD3C}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\67\{676BEA97-6B38-4C2E-A28D-5F064CB6C5FD}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\69\{694A7DE9-D3F8-431F-96A1-172AF47BF6EE}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\70\{7033900E-77D8-4B4C-836D-525D3FF5545B}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\74\{74132DE5-FCBD-4449-B2B9-D8021159717A}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\75\{7521CE1F-1CAF-4AB8-8B5F-86AF4449DE2F}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\7B\{7BBA2F36-C61E-4AEF-A7CF-07E6B019D00F}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\82\{827DC0B5-1B14-456C-A406-152D6F8F94A1}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\88\{88ACDA82-D858-41E4-8A69-316B8755CDB2}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\99\{993349F4-55F3-44F3-9B01-7D70A099A3A4}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\99\{99DE3EDB-257F-4566-93D9-0546ABC8896E}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\9F\{9FD20130-3017-49D2-9B12-346ABD05AF3A}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\A8\{A8FC3422-301B-4B0E-BA18-F9D001B503F7}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\B1\{B12F9462-74D7-4C67-A2C8-D95CD3E8EA32}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\B3\{B3501441-B1D1-4B48-AF3E-62502FFE7CCE}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\C0\{C08A1A27-6443-422E-BCEA-5F38D1E24415}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\C1\{C138E0D4-0297-4614-8D6B-5D71858BB364}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\C9\{C95918CF-B85D-48A8-A6B5-3E13CE47694E}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\CB\{CB36A9B1-61CE-48BC-BC36-8BB6674816D5}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\D7\{D72F3B46-2EF9-4500-84E0-23E5E5BCD913}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\D9\{D91AEF21-287E-4239-96C1-0436450F14B1}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\E8\{E8A418A7-AF0E-4058-A26F-D6A47D2E33C8}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\E8\{E8ADD2F5-82C0-4E66-B83C-CA4B6E1B260F}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\EB\{EBF38EA3-F451-4D37-A744-CA835BEBB7CF}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\ED\{ED4ECB6B-521E-40E9-B522-04CC884FF01B}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\EE\{EEBD0A9F-8706-416C-9B21-FAC8ED698DB5}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\EE\{EEF2744C-4A15-4DF9-AA8A-6BA777C218D0}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\FA\{FAFEE228-E7EB-4EE4-8E29-ABBCB1975B0D}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
D:\Datastore\hMailData\mydomain.net\FC\{FC93325E-6A19-4ABC-A151-0D14E4754709}.eml:
Pdf.Exploit.CVE_2018_12798-6633682-0 FOUND
.
.
.
.
etc and so on.

A LOT. These are all emails (the email store of our mail server) that
contain PDF attachments and are all genuine PDFs (historical and recent
- some over 3 years old). I am not uploading any of them to the 'false
positive' report page as they contain private confidential
information (e.g., plans and financial information) from professional
reputable companies.

Can I ask that this particular definition is pulled or at least reviewed
please.

Thank you

(Good job I now only run in report mode and not delete mode due to
previous bad experience with ClamAV definitions, otherwise our company
would have lost all of these emails which, apart from anything else,
would have broken some retention policy and laws we have to adhere to).
Groach
2018-08-12 17:26:09 UTC
I have a nightly scan. The last 2 nights' report now looks like this
(extract):

etc and so on.

A LOT. These are all emails (the email store of our mail server) that
contain PDF attachments and are all genuine PDFs (historical and recent
- some over 3 years old). I am not uploading any of them to the 'false
positive' report page as they contain private confidential
information (e.g., plans and financial information) from professional
reputable companies.

Can I ask that this particular definition is pulled or at least reviewed
please.

Thank you

(Good job I now only run in report mode and not delete mode due to
previous bad experience with ClamAV definitions, otherwise our company
would have lost all of these emails which, apart from anything else,
would have broken some retention policy and laws we have to adhere to).
lukn
2018-08-14 21:40:49 UTC
Same here. I agree this rule is causing too many FPs to remain active.
Therefore I ended up whitelisting this rule.
Post by Groach
I now only run in report mode and not delete mode
I don't understand the wish to leave the decision of data destruction
to a third party software. My system should follow my rules... and those
never include arbitrary data deletion as this can only end in tears.
Running any antivirus in delete mode is like playing Russian roulette.
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Groach
2018-08-14 21:52:21 UTC
Could you detail how to whitelist the offending rule please? (I fear it will be some time, or never, before this rule gets rectified officially).
Post by lukn
Same here. I agree this rule is causing too many FPs to remain active.
Therefore I ended up whitelisting this rule.
Post by Groach
I now only run in report mode and not delete mode
I don't understand the wish to leave the decision of data destruction
to a third party software. My system should follow my rules... and those
never include arbitrary data deletion as this can only end in tears.
Running any antivirus in delete mode is like playing Russian roulette.
lukn
2018-08-17 06:17:08 UTC
cd /path/to/clamav/signatures
echo -n offending.rule.name >> whitelist.ign2

ensure there is no trailing empty newline at the end of whitelist.ign2
Post by Groach
Could you detail how to whitelist the offending rule please? (I fear it will be some time, or never, before this rule gets rectified officially).
Post by lukn
Same here. I agree this rule is causing too many FPs to remain active.
Therefore I ended up whitelisting this rule.
Post by Groach
I now only run in report mode and not delete mode
I don't understand the wish to leave the decision of data destruction
to a third party software. My system should follow my rules... and those
never include arbitrary data deletion as this can only end in tears.
Running any antivirus in delete mode is like playing Russian roulette.
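The whitelisting step described in the message above, and the later advice in this thread to remove the entry once the signature is fixed, as an added example that is not part of any poster's message. The function names and the script name `ign.sh` are hypothetical, and the ignore-file path you pass in (for instance a `local.ign2` in your signature directory) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# One signature name per line in a *.ign2 file inside the database directory.

# ign_add FILE SIGNAME: list SIGNAME once; never glue it onto a previous
# entry and never leave a blank line.
ign_add() {
    file=$1 sig=$2
    [ -n "$sig" ] || return 2
    touch "$file" || return 1
    # Exact, whole-line, fixed-string match: already listed, nothing to do.
    grep -qxF -e "$sig" "$file" && return 0
    # Last byte not a newline (e.g. file written with `echo -n`): end that
    # line first so the two names do not merge into one bogus entry.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$sig" >> "$file"
}

# ign_remove FILE SIGNAME: drop SIGNAME and any blank lines, e.g. once the
# upstream signature has been corrected, so real detections are not hidden.
ign_remove() {
    file=$1 sig=$2
    [ -f "$file" ] || return 0
    tmp=$(mktemp) || return 1
    # grep exits 1 when no lines remain; that is a valid (empty) result.
    grep -vxF -e "$sig" "$file" | grep -v '^[[:space:]]*$' > "$tmp" || true
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# ign_list FILE: print the active entries, one per line.
ign_list() {
    [ -f "$1" ] && grep -v '^[[:space:]]*$' "$1" || true
}

# Script use: ign.sh add|remove|list FILE [SIGNAME]
case "${1:-}" in
    add)    ign_add "$2" "$3" ;;
    remove) ign_remove "$2" "$3" ;;
    list)   ign_list "$2" ;;
esac
```

A running clamd only honours the change after it reloads its databases; a one-off clamscan run reads the file at start-up.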
Groach
2018-08-15 07:06:40 UTC
Could you detail how to whitelist the offending rule please? (I fear
it will be some time, or never, before this rule gets rectified
officially).
Don't matter. I found the method in the FAQs but it's not necessary. It
seems the signature has been dropped. I didn't get the FPs after last
night.
Post by lukn
Same here. I agree this rule is causing too many FPs to remain active.
Therefore I ended up whitelisting this rule.
Post by Groach
I now only run in report mode and not delete mode
I don't understand the wish to leave the decision of data destruction
to a third party software. My system should follow my rules... and those
never include arbitrary data deletion as this can only end in tears.
Running any antivirus in delete mode is like playing Russian roulette.
Groach
2018-08-17 07:00:19 UTC
Thanks for the info.

It seems the Maillist takes 2 days or more for my postings to be
actioned and appear for reply; I have since updated the thread twice
since that last post saying that I had since found the info in FAQs and
that it seems that the signature has already been dropped (FPs no
longer appearing under this definition (I still have the files and I
haven't whitelisted)). You might want to remove your whitelist entry in
case it now is able to catch genuine threats.
Post by Groach
Could you detail how to whitelist the offending rule please? (I fear
it will be some time, or never, before this rule gets rectified
officially).
Don't matter. I found the method in the FAQs but it's not necessary.
It seems the signature has been dropped. I didn't get the FPs after
last night.
Post by lukn
Same here. I agree this rule is causing too many FPs to remain active.
Therefore I ended up whitelisting this rule.
Post by Groach
I now only run in report mode and not delete mode
I don't understand the wish to leave the decision of data destruction
to a third party software. My system should follow my rules... and those
never include arbitrary data deletion as this can only end in tears.
Running any antivirus in delete mode is like playing Russian roulette.