Hi everyone,
I'm facing an issue with ClamAV on my Proxmox Mail Gateway/Server setup.
The Problem:ClamAV is repeatedly flagging an email as a false positive with the signature Sanesecurity.Jurlbl.89a214.UNOFFICIAL. Our security team has confirmed this is a false positive and I need to whitelist this specific signature so ClamAV ignores it.
What I have tried (Unsuccessfully):
I'm facing an issue with ClamAV on my Proxmox Mail Gateway/Server setup.
The Problem:ClamAV is repeatedly flagging an email as a false positive with the signature Sanesecurity.Jurlbl.89a214.UNOFFICIAL. Our security team has confirmed this is a false positive and I need to whitelist this specific signature so ClamAV ignores it.
What I have tried (Unsuccessfully):
- Created a Whitelist File: I created the file /var/lib/clamav/localallow.ign2 and added the following content to it:
Sanesecurity.Jurlbl.89a214.UNOFFICIAL - Restarted the Service: After creating/modifying the file, I restarted the ClamAV daemon (e.g., systemctl restart clamav-daemon).
- Result: ClamAV is still scanning and quarantining emails/files that contain this signature.