> I started seeing a bunch of these this morning, essentially trashing > around... I don't know, 80 or 90% of our mail. The signature is > definitely in our database but I can't find anything about it via google > aside from pages that have apparently been updated to no longer mention > it. Any ideas here? Anyone else seeing this? > > > ~$ sigtool --list-sigs | grep MBL_207346 > MBL_207346
Hi John, Their signature currently points to: www DOT thinkertec DOT com/trial "Thinkertec SpyPal spy software - Invisible keylogger" Might be worth doing a decode-sigs to see if it matched the above? eg: grep MBL_207346 | sigtool --decode-sigs If it's still an issue for you, you can use a whitelist db file.. printf MBL_207346 > localbl.ign2 restart clamd Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
