Back to Community Threads
1
ClamAV whitelist issue
Question asked by Heimir Eidskrem - 9/27/2024 at 2:42 PM
Unanswered
We use 3rd party signatures for clam av and have an email address that gets triggered.

I added the signature to whitelist.ign2 thats located here: \Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav

There is only one rule in that file.

I did restart smartermail after that.  It seemed to have worked for a day but now its holding for that email address.  I did check to make sure its the same rule thats triggered.

I thought I had this done right but obviously not.  

Any suggestion where I look to fix this?

5 Replies

Reply to Thread
0
Tony Scholz Replied
10/1/2024 at 10:44 AM
Employee Post
Hello, 

What you did was right. ( https://portal.smartertools.com/kb/a3600/reducing-clamav-false-positives.aspx ) can you share the contents of your whitelist.ign2 file with us? 
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Heimir Eidskrem Replied
10/1/2024 at 10:51 AM
@Tony
Thats the article I folowed.

These are the 2 lines in the file.
SecuriteInfo.com.Spam-91973.UNOFFICIAL
YARA.SecuriteInfo_Suspicious_Phishing_Mail_3_2.UNOFFICIAL
0
Tony Scholz Replied
10/1/2024 at 2:25 PM
Employee Post
Ya, nothing wrong with that format, can I start a ticket for you to get an RSAA and review your install? Or start the ticket to get a copy of the emails that are triggering that signature to test with. 

SecuriteInfo.com.Spam-91973.UNOFFICIAL
YARA.SecuriteInfo_Suspicious_Phishing_Mail_3_2.UNOFFICIAL
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Heimir Eidskrem Replied
10/1/2024 at 2:37 PM
It might be working now.
I have not seen the same emails being held.
Let me spend some time on that before I use your time.
0
Tony Scholz Replied
10/1/2024 at 2:48 PM
Employee Post
Sounds good!
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Reducing ClamAV False PositivesSmarterMail > Troubleshooting
ClamAV 3310 Errors in Delivery LogsSmarterMail > Troubleshooting
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Messages to Yahoo! Emails are Temporarily DeferredSmarterMail > Troubleshooting
SmarterMail and ColdFusion IssuesSmarterMail > Troubleshooting