On 2011-04-13 22:10, Antonio Pereira wrote:
> Hello,
>
> I have a user that receives an email from a legitimate online newspaper site
> and since Monday they click on links in that email address and DG blocks the
> page with the following message
>
> Virus MBL_200562.UNOFFICIAL found
>
> Is this a valid virus because I could not find any info on this in Google.
> The only thing I found was to remove the entry from the clamav db, which I
> did but because there is a daily update it sets it back.
>
> Also, I tried to view an online flyer and I received this message as well
> from my own pc.
>
> What is this?

Probably the 3rdparty signature from here:
http://www.malware.com.br/cgi/submit?action=list_clamav_ext

MBL_200562:0:*:3030322e6c61

Run that through sigtool --decode to see what it is, but it looks like
something very FP prone; at the very least it should check for 'http:' too.

You can add MBL_200562.UNOFFICIAL to a file local.ign2 in your database
directory.

Best regards,
--Edwin
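
Added example, not part of the message above and not ClamAV's own code: a small Python parser for the extended signature layout (Name:TargetType:Offset:HexSignature) applied to the signature quoted in the thread, to show what it matches and why it is prone to false positives. The function names and the 8-byte threshold are assumptions made for illustration; only plain hex bytes, `??`, `*` and `{n-m}` tokens are handled.

```python
import re
from collections import namedtuple

# ClamAV extended signature (.ndb) layout: Name:TargetType:Offset:HexSignature
TARGET_TYPES = {0: "any file", 1: "PE", 2: "OLE2", 3: "HTML (normalised)",
                4: "mail", 5: "graphics", 6: "ELF", 7: "ASCII text (normalised)"}

# One alternative per token: literal byte, ?? wildcard, * gap, {n-m} bounded gap.
TOKEN = re.compile(r"([0-9a-fA-F]{2})|(\?\?)|(\*)|(\{-?\d*-?\d*\})")

NdbSignature = namedtuple("NdbSignature",
                          "name target offset literal_runs wildcards")

def parse_ndb(line):
    """Split one .ndb line and decode its hex body into fixed byte runs."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    runs, current, wildcards, pos = [], bytearray(), 0, 0
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:
            raise ValueError(f"unsupported token at {pos}: {hexsig[pos:pos + 8]!r}")
        if m.group(1):                      # literal byte
            current.append(int(m.group(1), 16))
        else:                               # wildcard or gap ends the current run
            wildcards += 1
            if current:
                runs.append(bytes(current))
                current = bytearray()
        pos = m.end()
    if current:
        runs.append(bytes(current))
    return NdbSignature(name, TARGET_TYPES.get(int(target), f"type {target}"),
                        offset, runs, wildcards)

def fp_concerns(sig, min_bytes=8):
    """Heuristic review notes; min_bytes is an illustrative threshold."""
    notes = []
    fixed = sum(len(r) for r in sig.literal_runs)
    if fixed < min_bytes:
        notes.append(f"only {fixed} fixed bytes")
    if sig.target == "any file" and sig.offset == "*":
        notes.append("matches any file type at any offset")
    return notes

SIG = parse_ndb("MBL_200562:0:*:3030322e6c61")  # signature quoted in the thread
```

The decoded body is the six ASCII bytes `002.la`, so any scanned content containing that string at any position triggers the match, which is consistent with a legitimate page being blocked.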