Steve: I noticed this when the whitelist update notices from the clamav-unofficial-sigs.sh script started growing exponentially. The script doesn't anticipate that one signature's hex string might be a sub-sequence of another signature's, and it doesn't handle them properly when that happens.
In this case, the two entries in the spam_marketing.ndb database are: SecuriteInfo.com.Spammer.bluehornet.com:4:*:626c7565686f726e65742e636f6d SecuriteInfo.com.Spammer.echo.bluehornet.com:4:*:6563686f2e626c7565686f726e65742e636f6d There doesn't seem to be any reason for the second signature, because anything it matches will already be matched by the first sig. There may well be other duplicated entries; this is just the one I noticed. Alan Stern _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
