Mailing List Archive

False Positive Exception list ?
We have a few hundred PDFs that contain strings that trigger the DLP as credit card or SSN strings. These are false positives. The files have been examined to make sure that such private information is not in them, but there is real information that fits the same structure and triggers the DLP. We would like to continue to use DLP but do not want to wade through this long list of false positives every day.

Is there some mechanism to have a "false positive" exception file listing all the files that we know are false positives, so that Clamav will not report that on it?

--
Thomas Kern
ActioNet, Inc.
On contract to:
U.S. Department of Energy
301-903-2211 (Office)
301-905-6427 (Mobile)


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: False Positive Exception list ? [ In reply to ]
Hi there,

On Mon, 18 Jun 2012, Kern, Thomas wrote:

> We have a few hundred PDFs that contain strings that trigger the DLP
> as credit card or SSN strings. These are false positives. The files
> have been examined to make sure that such private information is not
> in them, but there is real information that fits the same structure
> and triggers the DLP. We would like to continue to use DLP but do
> not want to wade through this long list of false positives every day.

You can create a database containing the signatures which you do not
wish to cause files to be flagged as suspect. It's explained in the
ClamAV user documentation.

> Is there some mechanism to have a "false positive" exception file
> listing all the files that we know are false positives, so that
> Clamav will not report that on it?

Standard Unix/Lilnux tools can do that for you very easily.

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml