Hi there, On Wed, 24 Mar 2021, Robert Kudyba wrote:
Using clamav-milter 0.103.1 with sendmail on Fedora 33, we had several emails quarantined with the MBL_82485625.UNOFFICIAL. All they contained was a link forwarded as an attachment of a Google Drive folder. I reported this to the false positive at SaneSecurity address. ...
It's a Malware Patrol signature so you should report it to them, not Sansecurity: https://sanesecurity.com/support/false-positives/ https://www.malwarepatrol.net/
Is there a way to verify that the signature itself was fixed?
I don't know what update documentation Malware Patrol does now, I stopped using them in 2013. To see what the signature contains you can use 'sigtool', alternatively grep the database file(s) for the string 'MBL_82485625'. I tend to use the grep '-a' option when I grep things like signature files. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
