This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Allow exceptions leveraging an allowlist #169

Open
AlexNeff opened this issue May 21, 2021 · 4 comments

Comments

@AlexNeff

According to ClamAV there are a few options, and storing them with the database files would be sufficient:
https://www.clamav.net/documents/allow-list-databases

This does not appear to work with the current python scripts.

@jdepp
Contributor

jdepp commented May 21, 2021

Hey Alex, do you mind elaborating a bit more on this desired functionality? Maybe how it'd benefit you in your use case?

@AlexNeff
Author

This solution will work as is for us and is a great solution, but we are hoping to make the solution a bit more automated.

There is a concern of false positives.

User uploads a file, automation prevents the file from being interacted with by the user, security team is notified and through testing finds the file is safe and a false positive, user still wants to upload that file, but cannot without some way of exempting it going forward.

The quick answer is to just manually tag the file as clean, but if it is ever modified then it will trigger a false positive again.

@AlexNeff
Author

With an exempt/ignore list you could disable a specific signature that is problematic; this functionality is available in ClamAV, but I'm not entirely sure how it would be integrated into this solution.

@jdepp
Contributor

jdepp commented May 28, 2021

Cool, thanks for the background here. From my understanding, those would be defined with or beside the CVD files in S3. I don't believe there's much in the way of actual source code for this.
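An added example, not part of the thread or of this project's code: it builds the three kinds of allow-list entries that the linked ClamAV page describes (`.fp` MD5 entries, `.sfp` SHA-256 entries, `.ign2` signature names) and shows why a hash entry stops covering a file once it is modified, while an `.ign2` entry is keyed on the signature name. The sample bytes, labels, signature name and the `allowed_by_hash` lookup are constructed for illustration and are not ClamAV's own matching code.

```python
import hashlib

def fp_entry(data: bytes, label: str) -> str:
    """One .fp line in ClamAV hash-signature form: MD5:FileSize:Name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{label}"

def sfp_entry(data: bytes, label: str) -> str:
    """One .sfp line: SHA256:FileSize:Name."""
    return f"{hashlib.sha256(data).hexdigest()}:{len(data)}:{label}"

def ign2_entry(signature_name: str) -> str:
    """One .ign2 line: the bare name of the signature to ignore.
    Note: this disables the signature for every file, not just one."""
    name = signature_name.strip()
    if not name or ":" in name or any(c.isspace() for c in name):
        raise ValueError(f"not a plain signature name: {signature_name!r}")
    return name

def allowed_by_hash(data: bytes, fp_lines: list) -> bool:
    """Illustrative lookup: is this exact content listed in the .fp lines?"""
    digest, size = hashlib.md5(data).hexdigest(), str(len(data))
    for line in fp_lines:
        parts = line.strip().split(":")
        if len(parts) >= 3 and parts[0].lower() == digest and parts[1] == size:
            return True
    return False

# Constructed sample data: a file cleared by the security team, then edited.
ORIGINAL = b"quarterly-report v1 (constructed sample bytes)\n"
MODIFIED = ORIGINAL + b"one more line\n"
FP_LINES = [fp_entry(ORIGINAL, "FalsePositive.QuarterlyReport")]
# Hypothetical signature name, standing in for the one the scan reported.
IGN2_LINES = [ign2_entry("Example.Signature.Placeholder-1")]

if __name__ == "__main__":
    print("local.fp  :", FP_LINES[0])
    print("local.sfp :", sfp_entry(ORIGINAL, "FalsePositive.QuarterlyReport"))
    print("local.ign2:", IGN2_LINES[0])
    print("original covered by .fp:", allowed_by_hash(ORIGINAL, FP_LINES))
    print("modified covered by .fp:", allowed_by_hash(MODIFIED, FP_LINES))
```

The file names `local.fp`, `local.sfp` and `local.ign2` are assumptions; ClamAV only requires the extensions and that the files sit in the database directory.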
