Hi Andre,
NB: I'm copying this to the ClamAV users list, as a heads-up.
The ClamAV EXT list currently contains a number (eleven) of false positive
entries. They all match the string "://" (without the quotes), which clearly
matches any email containing any URL.
This is a very serious error, that has been blocking most emails on my server
today. The entries are not in any of the other ClamAV lists.
Here's a snippet from the list at
https://www.malwarepatrol.net/cgi/submit?action=list_clamav_ext
BL_330073:0:*:66696c6573312e66726565736f66742e72752f7265702f3830373936
MBL_330105:0:*:3a2f2f
MBL_330141:0:*:7574696c7a6f6e652e746f7067756964652e636f2e6b722f7570646174652f757a3338
MBL_330149:0:*:646f776e2e656e756d73746174652e636f2e6b722f646f776e6c6f6164
MBL_330239:0:*:6368697070696e6773636f74746167652e637573746f6d65722e6e657473706163652e6e65742e6175
MBL_330447:0:*:66696c652d677572692e636f2e6b722f75706c6f61642f6a6f7966696c65
MBL_330518:0:*:6465616e6c7574746f6e2e636f6d2f6a756e6b
MBL_331371:0:*:7777772e726573637565382e6f72672f696d616765732f6a6f656172726f796f
MBL_331404:0:*:646f776e6c6f61642e77696e6d6178696d697a65722e636f6d2f646f776e6c6f6164732f77696e6d6178696d697a6572
MBL_331462:0:*:7574696c2e62696766696c652e6f722e6b722f636f6e74735f696d61676573322f75706c6f61645f666f72646572
MBL_331475:0:*:3a2f2f
MBL_331531:0:*:7a72656e692e72752f646f776e6c6f61642f736f6674
MBL_331860:0:*:7777772e6f66696e6574706c75732e6573
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
