[sanesecurity] Re: Deletion of local.ign

• From: Bill Landry <bill@xxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx, clamav-users@xxxxxxxxxxxxxxxx
• Date: Wed, 20 May 2009 05:26:37 -0700

Hi Folks,

I just got the following question off-list, which I would like to
respond to on-list for everyones benefit:

> I just got this on the last update using 3.3:
> 
> File 'local.ign' timestamp is older than 24 hours - file deleted 
> 
> That local.ign I need (it's the whitelist of signatures).
> 
> How can I stop the script from deleting this file? (apart from touching it
> every day).

The local.ign file contains signatures that the user would like ClamAV
to bypass when scanning a file due to issues like false-positives.  This
is a very short-lived option as the signatures as contained in local.ign
require several fields:

   file_name : line_number : signature_name

For example, a local.ign entry might look like the following:

   winnow_spam_complete.ndb:24:winnow.spam.ts.xmailer.hc.8

The reason these are short-lived entries is that the actual line
placement of an individual signature within a third-party signature
database can change with each update of the database, thereby nullifying
the local.ign whitelist entry, as the original signature line placement
within the signature database may have changed.

The local.ign entries are really meant to be a very short-term option to
bypass a signature until the signature writer can either modify the
signature or remove it from the particular signature database.

Currently, if the clamav-unofficial-sigs script finds that a local.ign
file exists, and its last timestamp (last change/modification time) is
older than 24 hours, it deletes the file as the entries are very likely
no longer valid.

With that said, if clamav-unofficial-sigs script users would like this
feature in the script to be timeframe configurable, or even to have the
ability to disable it (or both), let me know and I will make this
available with the next update release of the script.

Thanks for any feedback or suggestions.

Bill

• Follow-Ups:
  • [sanesecurity] Re: Deletion of local.ign
    • From: Steve Basford
  • [sanesecurity] Re: Deletion of local.ign
    • From: Richard Siddall

Other related posts:

• » [sanesecurity] Re: Deletion of local.ign - Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- Steve Basford
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- CLEMENT Francis
• » [sanesecurity] Re: Deletion of local.ign- Richard Siddall
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- Steve Basford
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- jef moskot
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- Tom Shaw
• » [sanesecurity] Re: Deletion of local.ign- Bill Landry
• » [sanesecurity] Re: Deletion of local.ign- jef moskot

1. Home
2. sanesecurity
3. Archive
4. 05-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---