
Author Topic: Ignoring/Whitelisting signatures for ClamAV  (Read 3138 times)


vinayakp

« on: September 25, 2017, 10:01:33 am »

Errors can occur because of clamscan while uploading files to the server, and the file may also get deleted automatically. If we are sure that no virus is present in the content we are uploading, then we have to report a false positive to ClamAV.

We can report the false positive by visiting the link below.

URL : https://www.clamav.net/reports/fp

Fill in the details with the exact virus name displayed in the error message and a short description of the false positive, and upload the false positive file.

Then the signature will be whitelisted in their database.

=================================================================================================================

If the error message we get while uploading to the server contains the word .UNOFFICIAL (example: YARA.multiple_webshells_0018.unofficial), it means that the signature is not part of the official ClamAV definition database, and we need to follow the procedure below.

We need to add the signature manually in the ClamAV database folder on our server.

Below is the procedure followed for the virus YARA.multiple_webshells_0018.unofficial.


]# cd /usr/local/cpanel/3rdparty/share/clamav/

]# grep -i webshells_0018 /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara | grep rule

rule multiple_webshells_0018 {

]# echo multiple_webshells_0018 >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2

]# /scripts/restartsrv_clamd


The above procedure will fix errors such as "The file you uploaded, test.functions11.php, contains a virus so the upload was canceled: YARA.multiple_webshells_0018.UNOFFICIAL FOUND" while uploading files to the server.
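
The same procedure as a script, as an added example that is not part of the original post: it derives the rule name from the detection string in the error message, confirms the rule exists in rfxn.yara, and appends it to local.ign2 only once. The function names and the `CLAMAV_DB_DIR` variable are assumptions made for this example; the paths and the restart command are the ones used in the post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# CLAMAV_DB_DIR variable are hypothetical; the default path is the post's.
CLAMAV_DB_DIR="${CLAMAV_DB_DIR:-/usr/local/cpanel/3rdparty/share/clamav}"

# rule_name_from_detection "YARA.multiple_webshells_0018.UNOFFICIAL"
# prints "multiple_webshells_0018"; fails for names that are not
# unofficial YARA detections (those go to the false-positive report).
rule_name_from_detection() {
    local det="$1" upper
    upper=$(printf '%s' "$det" | tr '[:lower:]' '[:upper:]')
    case "$upper" in
        YARA.*.UNOFFICIAL) ;;
        *) echo "not an unofficial YARA detection: $det" >&2; return 1 ;;
    esac
    det="${det#*.}"   # drop the leading "YARA."
    det="${det%.*}"   # drop the trailing ".UNOFFICIAL"
    # Accept only a plain identifier before it is used in a regex or a file.
    case "$det" in
        ''|*[!A-Za-z0-9_]*) echo "unexpected rule name: $det" >&2; return 1 ;;
    esac
    printf '%s\n' "$det"
}

# ignore_signature DETECTION [YARA_FILE]
# Appends the rule name to $CLAMAV_DB_DIR/local.ign2; safe to re-run.
ignore_signature() {
    local rule yara="${2:-$CLAMAV_DB_DIR/rfxn.yara}" ign="$CLAMAV_DB_DIR/local.ign2"
    rule=$(rule_name_from_detection "$1") || return 1
    # Same lookup as the grep in the post, anchored to the exact rule name
    # so that e.g. multiple_webshells_00180 does not count as a match.
    if ! grep -Eq "(^|[[:space:]])rule[[:space:]]+${rule}([^A-Za-z0-9_]|\$)" "$yara"; then
        echo "rule $rule not found in $yara" >&2
        return 2
    fi
    # -x whole line, -F fixed string: skip the append if already listed.
    if [ -f "$ign" ] && grep -qxF "$rule" "$ign"; then
        echo "$rule already in $ign"
        return 0
    fi
    printf '%s\n' "$rule" >> "$ign"
    echo "added $rule to $ign; now run /scripts/restartsrv_clamd"
}
```

An entry in local.ign2 applies to every scan on the server, so after the restart the rule no longer fires for any uploaded file, not only the one that was reported.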