Hi, I was getting tons of these false positives (just reported&submitted a
sample).
you can delete the line:
Email.FreeGame:4:*:75626a6563743a{-30}(67|47)616d65*687474703a2f2f(31|32|33|34|35|36|37|38|39)
from /var/lib/clamav/daily.inc/daily.ndb
and it will go away.
It is triggered by any fil
On 10/3/07 7:26 AM, "Joao S Veiga" <[EMAIL PROTECTED]> wrote:
> "Pagamento" (payment) is a VERY common subject in Portuguese, and having a
> numeric
> link anywhere after that in your mailbox or in the same email causes the false
> positive. That signature is WAY too prone of false positives!
So
Joao S Veiga wrote:
> Hi, I was getting tons of these false positives (just reported&submitted a
> sample).
>
> you can delete the line:
>
> Email.FreeGame:4:*:75626a6563743a{-30}(67|47)616d65*687474703a2f2f(31|32|33|34|35|36|37|38|39)
>
> from /var/lib/clamav/daily.inc/daily.ndb
>
> and it w
Hi John,
> think long and hard about the combination of payments and entities which are
> reduced to using numeric IPs in URLs. I suspect my business goes elsewhere.
Agreed :-), but the problem is (and what has caused most of my problems) that if
you have an email with the Subject: Pagamento in
Joao S Veiga wrote:
> Hi John,
>
>> think long and hard about the combination of payments and entities which are
>> reduced to using numeric IPs in URLs. I suspect my business goes elsewhere.
>
> Agreed :-), but the problem is (and what has caused most of my problems) that
> if
> you have an e
Bill Landry wrote:
> Dennis Peterson wrote:
>> Joao S Veiga wrote:
>>> Hi John,
>>>
think long and hard about the combination of payments and entities which
are
reduced to using numeric IPs in URLs. I suspect my business goes
elsewhere.
>>> Agreed :-), but the problem is (an
Dennis Peterson wrote:
>> I've been following this discussion for the past few days, and I got to ask
>> why
>> scan an mbox file in the first place? I realize that if one does choose to
>> scan
>> an mbox file, then the scanner should do the right thing and consider each
>> message within the
Dennis Peterson wrote:
> Joao S Veiga wrote:
>> Hi John,
>>
>>> think long and hard about the combination of payments and entities which are
>>> reduced to using numeric IPs in URLs. I suspect my business goes elsewhere.
>> Agreed :-), but the problem is (and what has caused most of my problems)
Karsten Bräckelmann wrote:
> On Tue, 2007-10-02 at 10:24 -0700, Dennis Peterson wrote:
>> Can anyone offer a reason why the OP found a virus in the mbox file but not
>> in the
>> split out maildir messages? That kind of inconsistency is unsettling.
>
> Rather easy I guess, given your analysis of
Hi Dennis and others, thanks for pointing out that this has been discussed
already. Sorry about that; I only searched for "Email.FreeGame" and got to this
thread (I wasn't subscribing).
Hi Bill,
> If one is not scanning at transport time, then since the infected message has
> already been deliver
Hi,
> If one has hundreds of thousands of users,
I only have 50 users; I can put those wasted watts to work at night when the
servers are idle.
> At some point you have to pass the responsibility onto the end user (personal
> virus scanner, updated regularly), otherwise you make yourself liable
On Wednesday October 03, 2007 at 02:16:30 (PM) Joao S Veiga wrote:
> > If one has hundreds of thousands of users,
>
> I only have 50 users; I can put those wasted watts to work at night when the
> servers are idle.
>
> > At some point you have to pass the responsibility onto the end user
> > (p
On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote:
> Karsten Bräckelmann wrote:
Developers, read on. :)
> > Somewhat simplified, the signature reads "Subject with the string game"
> > and "an IP style http link".
> >
> > Scanning maildirs as well as scanning individual messages before
> >
Karsten Bräckelmann wrote:
> On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote:
>> Karsten Bräckelmann wrote:
>
> Developers, read on. :)
>
>>> Somewhat simplified, the signature reads "Subject with the string game"
>>> and "an IP style http link".
>>>
>>> Scanning maildirs as well as scan
On Thu, 04 Oct 2007 00:47:02 +0200
Karsten Bräckelmann <[EMAIL PROTECTED]> wrote:
> On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote:
> > Karsten Bräckelmann wrote:
>
> Developers, read on. :)
>
> > > Somewhat simplified, the signature reads "Subject with the string game"
> > > and "an I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Karsten Bräckelmann wrote:
[snip]
> Another downside of this approach, together with ClamAV treating mbox
> format files as text/plain is, that only the first hit will be reported.
[snip]
That was made to improve performance, the Changelog say so.
Tomasz Kojm wrote:
> On Thu, 04 Oct 2007 00:47:02 +0200
> Karsten Bräckelmann <[EMAIL PROTECTED]> wrote:
>
>> On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote:
>>> Karsten Bräckelmann wrote:
>> Developers, read on. :)
>>
Somewhat simplified, the signature reads "Subject with the strin
17 matches
Mail list logo
