Re: [clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-09-25 Thread Alain Zidouemba
Mark, Worm.Bagle.F-zippwd-6 had been in our signature database for 7 years and had been performing well. It is definitely preferable for us to receive an FP report along with the file(s) that are causing the suspected FP. Nevertheless, I have dropped Worm.Bagle.F-zippwd-6 as of now, and will relea

Re: [clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-09-25 Thread Mark Foster
Alain (and others), A month later and I am experiencing similar problems. Worm.Bagle.F-zippwd-6 instead of -7. The 'sigtool' output for both -6 and -7 appears to be identical minus a single ^M at the end of a line, but my take on it is, surely the presence of the word 'pass' followed by an encr

Re: [clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-08-24 Thread Alain Zidouemba
Mark, Sorry for the longer than usual turn-around. I will look into your FP submission and get back to you in the next few hours. -Alain

Re: [clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-08-24 Thread G.W. Haywood
Hi there, On Fri, 24 Aug 2012, Mark Foster wrote: First time poster, please indulge me as I get to grips with how this group works Read all the docs that you can find, especially http://www.clamav.net/doc/latest/clamdoc.pdf and http://www.clamav.net/doc/latest/signatures.pdf although

Re: [clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-08-23 Thread Al Varnell
On 8/23/12 8:30 PM, "Mark Foster" wrote: > > Hi folks > First time poster, please indulge me as I get to grips with how this > group works > > I have had a case recently where a customer of my mail platform > (protected with Clam) received an encrypted zip attachment. > The body of the mess

[clamav-users] False Positives for Bagle when looking at encrypted zip attachments

2012-08-23 Thread Mark Foster
Hi folks First time poster, please indulge me as I get to grips with how this group works I have had a case recently where a customer of my mail platform (protected with Clam) received an encrypted zip attachment. The body of the message immediately prior to the Base64 encoded attachment cont