[clamav-users] Malwarepatrol false positives
Alex
mysqlstudent at gmail.com
Sat Apr 28 21:32:05 UTC 2018
Hi,
So I decided to check which MBL hits there were today, and it seems
they're now blocking https://bit.ly
$ sigtool --find-sigs MBL_6913896 |sigtool --decode-sigs
VIRUS NAME: MBL_6913896
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://bit.ly
I'm beginning to think I've made a mistake with this vendor...
On Sat, Apr 28, 2018 at 2:26 AM, Gene Heskett <gheskett at shentel.net> wrote:
> On Saturday 28 April 2018 01:06:38 Steve Basford wrote:
>
>> Hi Alex...
>>
>> I've whitelisted the two sigs... until they fix them.. so that might
>> help a little.
>>
>> Cheers,
>>
>> Steve
>> Twitter: @sanesecurity
>> On 28 April 2018 04:23:51 Alex <mysqlstudent at gmail.com> wrote:
>>
>> Hi,
>>
>> I can't imagine outright blocking https://goo.gl is not a mistake.
>>
>> MBL_6882958 and MBL_6888621 both hit on https://goo.gl.
>>
>
> its affecting my incoming traffic, mail traffic is down about 80% since
> yesterday sometime. And its not being blocked here according to my
> clamav logs. Nor apparently at shentel.net either, my isp.
>
> --
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list