[clamav-users] reported before, makes no sense
Steve Basford
steveb_clamav at sanesecurity.com
Fri May 16 06:37:08 UTC 2014
>> UNOFFICIAL means it did not come from ClamAV®.
>> You need to take it up with whomever maintains the MBL database.
>> MalwarePatrol? <http://malwarepatrol.com.br/>
> I don't recall every subscribing to that service, and the clamav-
> unofficial sigs database is not installed, and never has been.
>
> Now what? Shut down my daily scan?
Hi Gene,
Malware Patrol databases used to be a free service and was included in
most of the 3rd party download scripts, however, it's since changed to a
subscription service.
These databases aren't mirrored by Sanesecurity, so I don't have any real
input, however, I have added the FP signature to Sanesecurity mirrored
sigwhitelist.ign2 file.
The databases to look for in your clamav database area are:
mbl.db
mbl.ndb
Remove both and restart clamd
If the above databases come back... you've got to check your download
scripts and remove them.
Alternatively,
printf "MBL_343814" > localwhitelist.ign2
place localwhitelist.ign2 into your clamav database directory
restart clamd.
For future reference, here's the current FP report addresses:
http://sanesecurity.com/support/false-positives/
Hope this helps a little...
Cheers,
Steve
Sanesecurity
More information about the clamav-users
mailing list