Hi, >> # sigtool --find-sigs MBL_303159 | sigtool --decode-sigs >> Does anyone know what's going on with this domain? It doesn't look >> like a domain thousands of my users would be including in their email >> on Aug 7th, so I don't know whether the emails were really spam... > > Hi Alex, > > The problem I think was that the sig was bad and it matching anything > "www." hence the huge number of FP's....
I thought the signatures were fixed? In other words, simple pattern matching for a fixed string. I didn't realize it was dynamic and could match an expression, or am I missing something? Thanks again, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
