On Thu, Feb 06, 2014 at 02:44 AM, Torge Husfeldt wrote:
> I'm getting a FP-Alert from a customer regarding the following sig:
>
> main.hdb:15c9c9ed5046a885d241afd2159c236a:43180:Junk.Corrupted-50
>
> The scan is done on our inbound authenticated mail host, which rejects our
> customer's mail with the following error-message:
>
> Fehler: <email-adresse-empfänger>host smtp.1und1.de[212.227.15.167] said:
> 551 virus infected mail rejected ("Junk.Corrupted-50") (in reply to
> end of
> DATA command)
>
> The only info I could find on this sig is the following discussion:
> http://www.clamxav.com/BB/viewtopic.php?t=3041&p=17129
>
> Can anyone tell me more about this sig and what it was originally supposed to
> match?
It matches the MD5 hash value of the file.
> I tried to submit to:
> http://www.clamav.net/lang/en/sendvirus/submit-fp/
> but without the orginial file, all I get is an error message.
> Do I really need to make the customer jump through the hoops?
I'm not a signature writer, but I can't imagine how they would be able to
confirm an FP or modify the signature without the file.
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
