clamav database directory path

Comments

7 comments

  • SysSachin
    Hello, you can check the /usr/local/cpanel/3rdparty/share/clamav/ directory for the ClamAV database.
    0
  • manokiss
    Thanks very much!
    0
  • SysSachin
    Hello Manokiss, you are welcome. Please update here if you have any issues with this process.
    0
  • cPanelMichael
    Hello, You can create the following file in order to whitelist virus definitions with ClamAV:
    /usr/local/cpanel/3rdparty/share/clamav/local.ign2
    For example, if ClamAV detected a virus on a test.swf file like this:
    # /usr/local/cpanel/3rdparty/bin/clamscan /home/123
    /home/123/test.swf: Swf.Exploit.CVE_2016_0968-1 FOUND
    You would run the following commands to whitelist that definition:
    echo Swf.Exploit.CVE_2016_0968-1 >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
    /scripts/restartsrv_clamd
    Thank you.
    0
  • dcusimano
    I tried creating a local.ign2 file as indicated above to whitelist a particular signature but clamscan still detects it.
    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --version
    ClamAV 0.99.2/23499/Thu Jun 22 21:12:26 2017
    [root@server ~]# echo "BC.Pdf.Exploit.CVE_2017_3033" >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
    [root@server ~]# /scripts/restartsrv_clamd
    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan MYFILE.pdf
    clamd says it restarted successfully. clamscan shows the same results with or without the local.ign2 file. local.ign2 contains only the one line as created above. Even though clamav is not from cPanel, any suggestions?
    0
  • dcusimano
    clamscan debug information shows the following:
    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --debug MYFILE.pdf 2>&1 | grep -e 'local.ign2' -e 'CVE_2017_3033'
    LibClamAV debug: /usr/local/cpanel/3rdparty/share/clamav/local.ign2 loaded
    LibClamAV debug: Bytecode 6311970.cbc(60) has logical signature: BC.Pdf.Exploit.CVE_2017_3033-6311970-3.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
    LibClamAV debug: Bytecode 6316401.cbc(61) has logical signature: BC.Pdf.Exploit.CVE_2017_3033.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
    LibClamAV debug: Bytecode found virus: BC.Pdf.Exploit.CVE_2017_3033
    LibClamAV debug: BC.Pdf.Exploit.CVE_2017_3033 found
    LibClamAV debug: FP SIGNATURE: a32e841105b6f53a6d85c9d8e57e2cb5:2626574:BC.Pdf.Exploit.CVE_2017_3033
    MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND
    So the ignore file local.ign2 is loaded but the signature is still being searched for and found.
    0
  • cPanelMichael
    Hello, Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look. Thank you.
    0
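
The two allowlist inputs visible in this thread can be extracted from clamscan output rather than retyped: the name on the FOUND line (what local.ign2 takes, ignoring that signature for every file) and the md5:size:name value on the "FP SIGNATURE" debug line, which is the entry format ClamAV accepts in a .fp database to allow one specific file only. This is an added example, not code from the thread; the function names and the local.fp file name are assumptions, and the sample input is taken from the debug output posted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Signature names from clamscan result lines: "<path>: <Name> FOUND".
found_names() {
    sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' | sort -u
}

# "md5:size:name" entries from "FP SIGNATURE:" lines in --debug output.
fp_entries() {
    sed -n 's/^LibClamAV debug: FP SIGNATURE: \([0-9a-f]\{32\}:[0-9][0-9]*:[^ ]*\)$/\1/p' | sort -u
}

# Append one entry to a database file unless that exact line already exists.
# Empty entries and entries containing whitespace are rejected.
add_line() {
    file=$1
    line=$2
    if [ -z "$line" ] || printf '%s' "$line" | grep -q '[[:space:]]'; then
        echo "refusing invalid entry: '$line'" >&2
        return 1
    fi
    if [ -f "$file" ] && grep -qxF -e "$line" "$file"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$file"
}

# Sample input: the relevant lines of the debug output posted in the thread.
sample_output() {
    cat <<'EOF'
LibClamAV debug: Bytecode found virus: BC.Pdf.Exploit.CVE_2017_3033
LibClamAV debug: BC.Pdf.Exploit.CVE_2017_3033 found
LibClamAV debug: FP SIGNATURE: a32e841105b6f53a6d85c9d8e57e2cb5:2626574:BC.Pdf.Exploit.CVE_2017_3033
MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND
EOF
}

# Demo in a scratch directory (stand-in for the ClamAV database directory).
db=$(mktemp -d)
sample_output | found_names | while read -r n; do add_line "$db/local.ign2" "$n"; done
sample_output | fp_entries | while read -r e; do add_line "$db/local.fp" "$e"; done
# Running the same step again must not duplicate the entry.
sample_output | found_names | while read -r n; do add_line "$db/local.ign2" "$n"; done
printf 'local.ign2: %s\nlocal.fp:   %s\n' "$(cat "$db/local.ign2")" "$(cat "$db/local.fp")"
```

On a live server the input would be piped from `clamscan --debug FILE 2>&1`, and the target directory would be the database directory named at the top of this thread.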
