SquidClamaAv: Virus detected - howto define an exclusion

When a legit zip file should be downloaded, where am I able to define an exclusion?

@support_team
Has somebody an idea?

1 Like

@Elleni would you please share which kind of detection does SquidClamAv?

1 Like

When trying to download a legit zip file from our distributor we are rerouted to the following site of our firewall server:


SaneSecurity is not the first time that triggers a false positive…

And how can I define an exception in order to make this file downloadable from nethserver secured environnement?

https://docs.nethserver.org/en/v7/antivirus.html?highlight=antivirus
AFAIK currently documentation do not allow exceptions for the detection.
Therefore, you may have some options to follow:

  • If the source is reliable and allowed to users, you can bypass the domain from Content Filtering/Proxy. This option needs a reload of proxy for read and apply new configuration
  • you can disable the thirdy party signature for Clamav, or change the setting accondingly to documentation, medium or low, this option requires to an update of definitions and IDK if launching freshclam from terminal could speedup the process

@support_team ?

2 Likes

You can whitelist the type to be ignored by clamav.

=> /var/lib/clamav/sigwhitelist.ign2.

For example:

grafik

2 Likes

@giacomo is sigwhitelist.ign2 wiped from reconfigurations?

1 Like

How to create a custom whitelist:

1 Like

Thanks guys, one question remaining though. In my case it is not an email so I don’t see the filename to whitelist in rspamd webinterface. Where can I find the corresponding entry to add to mywhitelist.ign2 if the file is downloaded by browser on an internetsite?

IMVHO you should pick the Virus Name from the screenshot…

It seems the file doesn’t exists on normal installations so it will not be replaced.

But I never tested nor used it.

Could be viable to create a prop+interface for exclusions without SSH-ing into server?