I wasn't able to receive my own post...
freshclam didn't initially pull that signature back in (I removed it
manually from mbl.db) so I thought we were in the clear. It eventually
came back and everything came tumbling down again.
Steve, replying to your post:
grep MBL_207346 | sigtool --decode-sigs
That seems illogical. I did this instead:
sigtool --find-sigs MBL_207346 | sigtool --decode-sigs
VIRUS NAME: MBL_207346
DECODED SIGNATURE:
www.
If "www." is truly the signature, well, I think we've found the problem.
On 02/22/2012 10:49 AM, John Madden wrote:
I started seeing a bunch of these this morning, essentially trashing
around... I don't know, 80 or 90% of our mail. The signature is
definitely in our database but I can't find anything about it via google
aside from pages that have apparently been updated to no longer mention
it. Any ideas here? Anyone else seeing this?
~$ sigtool --list-sigs | grep MBL_207346
MBL_207346
John
--
John Madden / Systems Engineer III
Office of Technology / Ivy Tech Community College of Indiana
Free Software is a matter of liberty, not price. To understand
the concept, you should think of Free as in 'free speech,' not
as in 'free beer.' -- Richard Stallman
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
