Antivirus for files - How to add a working exception rule for a virus signature

Dear all,

we are using Nextcloud and the app “Antivirus for files” with ClamAV.

Now we have many False-Positives and for testing I want to ignore e.g. the EICAR Signature via Nextcloud UI. So I did the following:

  1. Security → Add new rule like in the screenshot and saved it - In my option the regex is correct. I tested it online with the log of the clamav:
    image

  2. Upload the file → File is blocked. Here are the protocols and the message


    image

Now my question is: How can I add an exception rule for a signature? Does anybody has an example?

Best regards

Rainer

I think this may help:

https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml

https://docs.clamav.net/manual/Signatures/AllowLists.html

Hey,

I know the links but I don’t want to login via SSH only to add a false-positiv to the list. We experience many false positives with ClamAV and I thought that the rules are exactly for this - or not?

Doesn’t anybody who uses ClamAV with Nextcloud using the “Rules”-UI in Nextcloud?

Best regards

Rainer