How do I whitelist specific file types?

Asked by Tang Musford

When I run a scan in ClamTk, the program finds a lot of threats. The resulting list of threats shows that approx. 99% of them begin with PUA.WIN32.Packer. Searching for more information on the Internet shows me that these files are a file compression type used by a large number of programs for making a smaller file to send over the Internet, i.e. you download a compressed version of the program so it makes for a faster download. Some sites refer to making a choice in the version of clamav with a GUI that one might be using. I can't find any way to get that type of control with ClamTk. Does anyone know how I could scan for viruses and malware while ignoring those files that begin with PUA.Win32.Packer?

Thanks in advance for your assistance.

Question information

Language: English
Status: Solved
For: ClamTk
Assignee: No assignee
Solved by: Dave M

Dave M (dave-nerd) said :
#1

Hi,

There is currently no whitelist for file types; only directories. However, you can probably exclude most if not all PUA (potentially unwanted application) types by going into Advanced -> Preferences -> Scanning (tab), and ensuring the checkbox for "Scan for Potentially Unwanted Applications" is unchecked.

Please let me know if this helps.

Thanks,
Dave M

Tang Musford (x935bird) said :
#2

Hi, Dave.

I am running ClamTk version 4.38 in Ubuntu 12.04 using the Ubuntu repository. The engine and definitions are current.

I have tried everything on the program I could find in terms of settings to try to fix this problem. So, when I received your answer above, I immediately went to see if I had missed a tab or an option. No, I just don't have that option available in my version of ClamTk. Let's say I go to Advanced, Preferences, Scanning Preferences, I only have 5 choices of checkbox to either check or to leave unchecked. They are, in this order, as follows:
Scan files beginning with a dot (.*)
Scan all files and directories within a directory
Enable extra scan settings
Scan files larger than 20 MB
Scan Samba-related directories (gvfs, smb4k)

So, I don't have the choice of "Scan for Potentially Unwanted Applications" unless I am somehow missing it.
Do I have the wrong version? Should I change the repository to the PPA instead? Is there anything else I should be doing that I am not doing? I have a feeling that I am missing something that is probably obvious and I just can't see it.

Thanks!

Best Dave M (dave-nerd) said :
#3

Hi,

Thanks for responding.

Please try to download the latest version from http://clamtk.sourceforge.net . There's a download link for "Debian/Ubuntu" - this will give you a .deb, which you should be able to just double-click to update.

First ensure your current version of ClamTk is closed, and then re-try when you update.

Thanks,
Dave M

Tang Musford (x935bird) said :
#4

Thanks, Dave. That did it! Works great now.

Thanks for your work on this project. It is greatly appreciated.