[clamav-users] Duplicate entry in SecuriteInfo spam_marketing database
Alan Stern
stern at rowland.harvard.edu
Fri Sep 5 14:44:32 UTC 2014
Steve:
I noticed this when the whitelist update notices from the
clamav-unofficial-sigs.sh script started growing exponentially. The
script doesn't anticipate that one signature's hex string might be a
sub-sequence of another signature's, and it doesn't handle them
properly when that happens.
In this case, the two entries in the spam_marketing.ndb database are:
SecuriteInfo.com.Spammer.bluehornet.com:4:*:626c7565686f726e65742e636f6d
SecuriteInfo.com.Spammer.echo.bluehornet.com:4:*:6563686f2e626c7565686f726e65742e636f6d
There doesn't seem to be any reason for the second signature, because
anything it matches will already be matched by the first sig.
There may well be other duplicated entries; this is just the one I
noticed.
Alan Stern
More information about the clamav-users
mailing list