Otdfbt

Multi tool use

Does this extra sentence in the description of the warlock's Eyes of the Rune Keeper eldritch invocation appear in any official reference?

Any examples of headwear for races with animal ears?

How could Tony Stark make this in Endgame?

What is the relationship between spectral sequences and obstruction theory?

The Defining Moment

Examples of subgroups where it's nontrivial to show closure under multiplication?

How can I change the color of a part of a line?

How did Captain America manage to do this?

What route did the Hindenburg take when traveling from Germany to the U.S.?

What's the polite way to say "I need to urinate"?

What is the strongest case that can be made in favour of the UK regaining some control over fishing policy after Brexit?

Examples of non trivial equivalence relations , I mean equivalence relations without the expression " same ... as" in their definition?

A ​Note ​on ​N!

Combinable filters

Do I have an "anti-research" personality?

How to type a section sign (§) into the Minecraft client

What do the phrase "Reeyan's seacrest" and the word "fraggle" mean in a sketch?

Was is really necessary for the Lunar module LM to have 2 stages?

How to have a sharp product image?

How to stop co-workers from teasing me because I know Russian?

Stop and Take a Breath!

French for 'It must be my imagination'?

Why does nature favour the Laplacian?

What language was spoken in East Asia before Proto-Turkic?

Maldet - How to Exclude/Ignore a File From Scanning?

How to do central home directories and user accounts on Ubuntu?Apache to read from /home/user/public_html on CentOS 5.7Folder permissions when using /etc/skel and pamRobocopy exclude directory in recursive file structureHow to load the environment variables at boot time before X11 on Ubuntu Precise?Change openssh default PATHclamscan using maldet Error: Servname not supported for ai_socktypeis it possible to ignore banner on ssh but not from loginApache upload scanner not working as intendedChroot on subdirectory from home website (SFTP)

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

I am using maldetect on my server and a client is getting his file quarantined after maldet flags it as malicious.

CAVAtomicorp.Zip.File.Contains.exe : /home/timsffco/public_html/downloads/timsff.zip => /usr/local/maldetect/quarantine/timsff.zip.3026311886

We have determined that the file is NOT malicious.

Is there any way to tell maldet to ignore that file when scanning?

linux malware

share|improve this question

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

add a comment | 

0

I am using maldetect on my server and a client is getting his file quarantined after maldet flags it as malicious.

CAVAtomicorp.Zip.File.Contains.exe : /home/timsffco/public_html/downloads/timsff.zip => /usr/local/maldetect/quarantine/timsff.zip.3026311886

We have determined that the file is NOT malicious.

Is there any way to tell maldet to ignore that file when scanning?

linux malware

share|improve this question

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

add a comment | 

I am using maldetect on my server and a client is getting his file quarantined after maldet flags it as malicious.

CAVAtomicorp.Zip.File.Contains.exe : /home/timsffco/public_html/downloads/timsff.zip => /usr/local/maldetect/quarantine/timsff.zip.3026311886

We have determined that the file is NOT malicious.

Is there any way to tell maldet to ignore that file when scanning?

linux malware

share|improve this question

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

CAVAtomicorp.Zip.File.Contains.exe : /home/timsffco/public_html/downloads/timsff.zip => /usr/local/maldetect/quarantine/timsff.zip.3026311886

share|improve this question

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

share|improve this question

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

edited Sep 18 '16 at 12:07

HBruijn

57.2k1190151

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

asked Sep 8 '16 at 19:24

Craig EdmondsCraig Edmonds

10111

1 Answer
1

active

oldest

votes

1

Quoting the official documantation

.: 8 [ IGNORE OPTIONS ]

There are four ignore files available and they break down as follows:

/usr/local/maldetect/ignore_paths
A line spaced file for paths that are to be execluded from search results
Sample ignore entry:
/home/user/public_html/cgi-bin

/usr/local/maldetect/ignore_file_ext
A line spaced file for file extensions to be excluded from search results
Sample ignore entry:
.js
.css

/usr/local/maldetect/ignore_sigs
A line spaced file for signatures that should be removed from file >scanning
Sample ignore entry:
base64.inject.unclassed

/usr/local/maldetect/ignore_inotify
A line spaced file for regexp paths that are excluded from inotify >monitoring
Sample ignore entry:
^/home/user$
^/var/tmp/#sql_.*.MYD$

share|improve this answer

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f801947%2fmaldet-how-to-exclude-ignore-a-file-from-scanning%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

Quoting the official documantation

.: 8 [ IGNORE OPTIONS ]

There are four ignore files available and they break down as follows:

/usr/local/maldetect/ignore_paths
A line spaced file for paths that are to be execluded from search results
Sample ignore entry:
/home/user/public_html/cgi-bin

/usr/local/maldetect/ignore_file_ext
A line spaced file for file extensions to be excluded from search results
Sample ignore entry:
.js
.css

/usr/local/maldetect/ignore_sigs
A line spaced file for signatures that should be removed from file >scanning
Sample ignore entry:
base64.inject.unclassed

/usr/local/maldetect/ignore_inotify
A line spaced file for regexp paths that are excluded from inotify >monitoring
Sample ignore entry:
^/home/user$
^/var/tmp/#sql_.*.MYD$

share|improve this answer

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

add a comment | 

1

Quoting the official documantation

.: 8 [ IGNORE OPTIONS ]

There are four ignore files available and they break down as follows:

/usr/local/maldetect/ignore_paths
A line spaced file for paths that are to be execluded from search results
Sample ignore entry:
/home/user/public_html/cgi-bin

/usr/local/maldetect/ignore_file_ext
A line spaced file for file extensions to be excluded from search results
Sample ignore entry:
.js
.css

/usr/local/maldetect/ignore_sigs
A line spaced file for signatures that should be removed from file >scanning
Sample ignore entry:
base64.inject.unclassed

/usr/local/maldetect/ignore_inotify
A line spaced file for regexp paths that are excluded from inotify >monitoring
Sample ignore entry:
^/home/user$
^/var/tmp/#sql_.*.MYD$

share|improve this answer

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

add a comment | 

Quoting the official documantation

.: 8 [ IGNORE OPTIONS ]

There are four ignore files available and they break down as follows:

/usr/local/maldetect/ignore_paths
A line spaced file for paths that are to be execluded from search results
Sample ignore entry:
/home/user/public_html/cgi-bin

/usr/local/maldetect/ignore_file_ext
A line spaced file for file extensions to be excluded from search results
Sample ignore entry:
.js
.css

/usr/local/maldetect/ignore_sigs
A line spaced file for signatures that should be removed from file >scanning
Sample ignore entry:
base64.inject.unclassed

/usr/local/maldetect/ignore_inotify
A line spaced file for regexp paths that are excluded from inotify >monitoring
Sample ignore entry:
^/home/user$
^/var/tmp/#sql_.*.MYD$

share|improve this answer

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

share|improve this answer

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414

answered Sep 8 '16 at 20:40

Vikelidis KostasVikelidis Kostas

782414