Normal mail classified as virus

[Nikolaos Milas]

On 5/2/2021 7:55 μ.μ., Nikolaos Milas wrote:

> Question 1: Is there a way to disable checking for that (or any other) 
> specific virus signature?

In the meantime (based on articles from the Internet), I have tried the 
following: I added a file named /var/lib/clamav/local-whitelist.ign2 
with two signatures:

sigs.InterServer.net.HEX.Topline.phisher.email.fros.gmail.760
{HEX}EICAR.TEST.3

(the latter for testing purposes) and I restarted amavisd / clamd at amavisd.

However, it seems the trick did not work, because my test mail 
(containing the EICAR sig) still got blocked as virus-infected.

(I also tried with .UNOFFICIAL appended to the signatures, but it didn't 
work either.)

So, I am still looking for a way to disable certain signatures from clamav.

I am on CentOS 8 with amavis-2.12.1, amavisd-milter-1.7.1 and clamd-0.103.0.

In the db directory (/var/lib/clamav) there are some ign2 files already, 
but these get updated often, so if I put anything therein, it will get 
erased since files get overwritten with each update. Here are the files 
(incl. the one I created):

# ls -la /var/lib/clamav | grep ign2
-rw-r--r--   1 root       root             102 Feb  8 01:50 
local-whitelist.ign2
-rw-r--r--   1 clamupdate clamupdate      5084 Jan 24 22:14 
securiteinfo.ign2
-rw-r--r--   1 clamupdate clamupdate       285 Jan  4 15:08 
sigwhitelist.ign2

I will appreciate your help!

Thanks,
Nick