Since the signature name has .UNOFFICIAL and starts with MBL I believe that's Malware Block List. I've submitted a sample to fp (at) malwarepatrol.net. Is more than one sample needed? I'm posting here to let others know and as they don't appear to acknowledge nor reply.
Why don't these come up? sigtool --find-sigs MBL_85256034*|sigtool --decode-sigs sigtool --find-sigs MBL_85256034|sigtool --decode-sigs sigtool --find-sigs MBL_85256034.UNOFFICIAL|sigtool --decode-sigs I also see multiple signature whitelists with some duplication: /var/lib/clamav/securiteinfo.ign2 /var/lib/clamav/sigwhitelist.ign2 /var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.ign2 /var/lib/clamav-unofficial-sigs/dbs-ss/sigwhitelist.ign2 That should be ok? I've seen this reported here before, e.g., https://clamav-users.clamav.narkive.com/mqj2qe6y/malwarepatrol-false-positive and https://clamav-users.clamav.narkive.com/5QYf5SQW/mbl-17713260-false-positive
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
