Why do you think this is the wrong place for an answer? Year I know this is based on clamav, but maybe another user has the same question. And I can´t find another support platform for the scanner, but the Nextcloud app is based on it.
I searched of course bevore I posted my question.
@devnull I think to use multi zips is annoying and for me a not wanted behavior to do that.
Back to whitelistings:
I found this wiki:
Whitelist a File
To whitelist a file:
Generate a md5 signature for the file and append it to the file whitelist
sigtool --md5 /data/testfile >> /var/lib/clamav/whitelist-files.fp
The entry will look like this
Fields are → MD5sum:Filesize:Comment
I got the following entry:
7c9b6333b5be72f257a883b608b28f48:16620045:Labelprinter Q710 Treiber.zip
Actually I try it without the .zip ending. I’ll let you know if it works.
I use the clamav user for the daemon service. The file whitelist-files.fp has the root:root permission like the other files, see screenshot.
The Virus Log entry:
Fri Aug 21 18:05:12 2020 -> instream(local): Win.Virus.Ramnit-7537604-0(31cd5e66d1866aacfcb5291d131f37be:94208) FOUND
Tested it now with clamscan:
clamscan /var/www/nextcloud/data/XX/Labelprinter\ Q710\ Treiber.zip
/var/www/nextcloud/data/XX/Labelprinter Q710 Treiber.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8588078
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 81.42 MB
Data read: 15.85 MB (ratio 5.14:1)
Time: 167.986 sec (2 m 47 s)
Its not infected now, but nextcloud with clamav daemon is still recognizing it as a virus.