Hi, Robert Kudyba <rkud...@fordham.edu> writes:
> [1:multipart/alternative Hide] > > > [1/1:text/plain Show] > > > [1/2:text/html Hide Save:noname (3kB)] > > Since the signature name has .UNOFFICIAL and starts with MBL I believe that's > Malware Block List. I've > submitted a sample to fp (at) malwarepatrol.net. Is more than one sample > needed? I'm posting here to let > others know and as they don't appear to acknowledge nor reply. I contacted thenm once and te reply was in the line that thy considered that the risk was real enough to keep the rule(s). As I am updating ClamAV unofficial with the clamav-unofficial-sigs.sh script, I wrote a hook that removes any drive.google.doc from the signature (there are/were at least 3 entries). As I wrote the hook, I can modify it in the future to fit my needs, so it is not wasted time. I can share the script. Best regards, Olivier > > Why don't these come up? > > sigtool --find-sigs MBL_85256034*|sigtool --decode-sigs > sigtool --find-sigs MBL_85256034|sigtool --decode-sigs > sigtool --find-sigs MBL_85256034.UNOFFICIAL|sigtool --decode-sigs > > I also see multiple signature whitelists with some duplication: > /var/lib/clamav/securiteinfo.ign2 > /var/lib/clamav/sigwhitelist.ign2 > /var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.ign2 > /var/lib/clamav-unofficial-sigs/dbs-ss/sigwhitelist.ign2 > > That should be ok? > > I've seen this reported here before, e.g., > https://clamav-users.clamav.narkive.com/mqj2qe6y/malwarepatrol-false-positive > and > https://clamav-users.clamav.narkive.com/5QYf5SQW/mbl-17713260-false-positive > > [2:text/plain Hide] > > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
