I'd like the script and in our case the link starts with docs.google.com On Wed, Apr 28, 2021, 10:43 PM Olivier via clamav-users < clamav-users@lists.clamav.net> wrote:
> Hi, > > Robert Kudyba <rkud...@fordham.edu> writes: > > > [1:multipart/alternative Hide] > > > > > > [1/1:text/plain Show] > > > > > > [1/2:text/html Hide Save:noname (3kB)] > > > > Since the signature name has .UNOFFICIAL and starts with MBL I believe > that's Malware Block List. I've > > submitted a sample to fp (at) malwarepatrol.net. Is more than one > sample needed? I'm posting here to let > > others know and as they don't appear to acknowledge nor reply. > > I contacted thenm once and te reply was in the line that thy considered > that the risk was real enough to keep the rule(s). > > As I am updating ClamAV unofficial with the clamav-unofficial-sigs.sh > script, I wrote a hook that removes any drive.google.doc from the > signature (there are/were at least 3 entries). > > As I wrote the hook, I can modify it in the future to fit my needs, so it > is not wasted time. > > I can share the script. > > Best regards, > > Olivier > > > > > Why don't these come up? > > > > sigtool --find-sigs MBL_85256034*|sigtool --decode-sigs > > sigtool --find-sigs MBL_85256034|sigtool --decode-sigs > > sigtool --find-sigs MBL_85256034.UNOFFICIAL|sigtool --decode-sigs > > > > I also see multiple signature whitelists with some duplication: > > /var/lib/clamav/securiteinfo.ign2 > > /var/lib/clamav/sigwhitelist.ign2 > > /var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.ign2 > > /var/lib/clamav-unofficial-sigs/dbs-ss/sigwhitelist.ign2 > > > > That should be ok? > > > > I've seen this reported here before, e.g., > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__clamav-2Dusers.clamav.narkive.com_mqj2qe6y_malwarepatrol-2Dfalse-2Dpositive&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=6tCDXT_YVJu-MkGcpYo2ALyUNCBZcYdjQOuu9h1VefM&e= > and > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__clamav-2Dusers.clamav.narkive.com_5QYf5SQW_mbl-2D17713260-2Dfalse-2Dpositive&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=KMcxrU5RpN6SA57PjUQsvl9GL8c4Hj5IrYHxdYYrqzw&e= > > > > [2:text/plain Hide] > > > > > > _______________________________________________ > > > > clamav-users mailing list > > clamav-users@lists.clamav.net > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=qYk_rum7Qgxzc3SMXv3y-sIqiPNggyxaTUZv8WMPzac&e= > > > > > > Help us build a comprehensive ClamAV guide: > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=Ga3hycovx2zHfpkqkvDfpqDjlh65VAwU5EURxyItqZ8&e= > > > > > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=tFiu7fSA8X_CruKhzeg7NKZ-GPDRv-iyINn2cc9-Wro&e= > > -- > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=qYk_rum7Qgxzc3SMXv3y-sIqiPNggyxaTUZv8WMPzac&e= > > > Help us build a comprehensive ClamAV guide: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=Ga3hycovx2zHfpkqkvDfpqDjlh65VAwU5EURxyItqZ8&e= > > > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=KhBuIVsvfs5eqh3J98L6ty_bMZSro_LkgwbCQWFzCWI&s=tFiu7fSA8X_CruKhzeg7NKZ-GPDRv-iyINn2cc9-Wro&e= >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
