On 2/6/14, 3:12:09PM, Joel Esler (jesler) wrote:
http://blog.clamav.net/2014/02/clamav-mailing-list-maintenance-monday.html
ClamAV Mailing List Maintenance, Monday, February 10th, 2014
This notice is for the members of the ClamAV mailing lists found here:
http://lists.clamav.net/mailman/list
A simple process to do a name lookup on all the uribl.com authoritative
name servers. Use dig to find the full list of round robin name servers.
Dig output has tabs so I use expand to compress them to a single space
for awk's sake. Awk isolates the A records and passes the IP to a while
loop re
http://blog.clamav.net/2014/02/clamav-mailing-list-maintenance-monday.html
ClamAV Mailing List Maintenance, Monday, February 10th, 2014
This notice is for the members of the ClamAV mailing lists found here:
http://lists.clamav.net/mailman/listinfo/clamav-users
On Monday, February 10th, 2014 s
re: Dennis Peterson denni...@inetnw.com
"nslookup geneslinuxbox.net.multi.uribl.com" is only going to tell someone
where the first (of probably many) layered DNS servers are. Ubuntu 12.04
(LTS) takes this to an extreme by running a caching name server on the
desktop. i.e.:
Unfortunately, I'm n
On 2/6/14, 1:54 PM, Bryan Burke wrote:
Perhaps your blackholing problem is an indication of more problems -
we can ask the members to repeat the nslookup of your domain to see
if others get the results I got below.
nslookup geneslinuxbox.net.multi.uribl.com should return address not
found. If it
> Perhaps your blackholing problem is an indication of more problems -
> we can ask the members to repeat the nslookup of your domain to see
> if others get the results I got below.
>
> nslookup geneslinuxbox.net.multi.uribl.com should return address not
> found. If it is 127.0.0.X then there is s
$ nslookup geneslinuxbox.net.multi.uribl.com
Server: 10.0.1.1
Address:10.0.1.1#53
** server can't find geneslinuxbox.net.multi.uribl.com: NXDOMAIN
On Feb 6, 2014, at 4:48 PM, Dennis Peterson wrote:
> I'm not part of your problem or your solution. I don't own the TTL of the
> rec
I'm not part of your problem or your solution. I don't own the TTL of the
records of remote DNS servers (should be under 5 seconds, but ??). However -
your domain is no longer listed as of this post time, nor are several others
logged today. The vendor may have had problems - their home page sug
On 2/6/14, 7:54 AM, Douglas Goddard wrote:
Looking at the original file and what was uploaded to VT, this signature is
the md5sum of 43180 null bytes. While I would say this is definitely
Junk.Corrupted, it's not malicious. I'll drop it.
Thanks for the report.
There's more you should do (and
Looking at the original file and what was uploaded to VT, this signature is
the md5sum of 43180 null bytes. While I would say this is definitely
Junk.Corrupted, it's not malicious. I'll drop it.
Thanks for the report.
On Thu, Feb 6, 2014 at 6:12 AM, Steve Basford <
steveb_cla...@sanesecurity.com
FYI - I had some bounces this week because Gene Heskett's URI in the following
quote is trapped by uribl.com:
nslookup geneslinuxbox.net.multi.uribl.com
Server: 127.0.0.1
Address:127.0.0.1#53
Non-authoritative answer:
Name: geneslinuxbox.net.multi.uribl.com
Address: 127.0.0.2
On Thursday 06 February 2014 07:07:09 Steve Basford did opine:
> > Now, since the real thing is considered a high level threat to a win32
> > system, perhaps the thing to do is edit the .'s to DOT's, make a patch
> > and submit it to lkml? I might see if it's accepted.
>
> Sorry, forgot to add th
> Now, since the real thing is considered a high level threat to a win32
> system, perhaps the thing to do is edit the .'s to DOT's, make a patch and
> submit it to lkml? I might see if it's accepted.
Sorry, forgot to add this:
http://www DOT nirsoft DOT net/false_positive_report.html
fwiw, I
>> c) It's a false positive and should be reported to MBL as such
>
> And their contact address is?
>
To report false positives or list problems: fp (_a_t_) malwarepatrol.net
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide:
ht
On Thursday 06 February 2014 06:50:55 Ralf Hildebrandt did opine:
> * Gene Heskett :
> > > It's an UNOFFICIAL pattern, not a core clamav pattern
> >
> > Still, is it not un-needed noise?
>
> It's obviously a FP, but calling it un-needed noise is a bit off. If
> the pattern were correct and would
On Thursday 06 February 2014 06:31:40 Steve Basford did opine:
> > The daily system scan is fussing about
> > /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
> > MBL_400944.UNOFFICIAL FOUND
>
> Hi,
>
> Just seen your post on LKML, so before this gets any more out of hand
> than i
> Hi Clamav Users,
>
> I'm getting a FP-Alert from a customer regarding the following sig:
>
> main.hdb:15c9c9ed5046a885d241afd2159c236a:43180:Junk.Corrupted-50
>
> The scan is done on our inbound authenticated mail host, which rejects our
> customer's mail with the following error-message:
Hi,
T
On Thu, Feb 06, 2014 at 02:44 AM, Torge Husfeldt wrote:
> I'm getting a FP-Alert from a customer regarding the following sig:
>
> main.hdb:15c9c9ed5046a885d241afd2159c236a:43180:Junk.Corrupted-50
>
> The scan is done on our inbound authenticated mail host, which rejects our
> customer's mail wi
Hi Clamav Users,
I'm getting a FP-Alert from a customer regarding the following sig:
main.hdb:15c9c9ed5046a885d241afd2159c236a:43180:Junk.Corrupted-50
The scan is done on our inbound authenticated mail host, which rejects our
customer's mail with the following error-message:
Fehler: host smtp
* Gene Heskett :
> > It's an UNOFFICIAL pattern, not a core clamav pattern
>
> Still, is it not un-needed noise?
It's obviously a FP, but calling it un-needed noise is a bit off. If
the pattern were correct and would find a real virus, is it not
un-needed noise?
--
Ralf Hildebrandt
> The daily system scan is fussing about
> /home/gene/src/linux-3.8.2/Documentation/usb/gadget_multi.txt:
> MBL_400944.UNOFFICIAL FOUND
Hi,
Just seen your post on LKML, so before this gets any more out of hand
than it already has, here's why you'll find MBL_400944 detected in
gadget_multi.txt.