[clamav-users] Malwarepatrol false positives

Joel Esler (jesler) jesler at cisco.com
Sat Apr 28 22:21:44 UTC 2018 

That shouldn’t be part of the official ruleset.  

Sent from my iPhone

> On Apr 28, 2018, at 17:32, Alex <mysqlstudent at gmail.com> wrote:
> 
> Hi,
> 
> So I decided to check which MBL hits there were today, and it seems
> they're now blocking https://bit.ly
> 
> $ sigtool --find-sigs MBL_6913896 |sigtool --decode-sigs
> VIRUS NAME: MBL_6913896
> TARGET TYPE: ANY FILE
> OFFSET: *
> DECODED SIGNATURE:
> https://bit.ly
> 
> I'm beginning to think I've made a mistake with this vendor...
> 
> 
>> On Sat, Apr 28, 2018 at 2:26 AM, Gene Heskett <gheskett at shentel.net> wrote:
>>> On Saturday 28 April 2018 01:06:38 Steve Basford wrote:
>>> 
>>> Hi Alex...
>>> 
>>> I've whitelisted the two sigs... until they fix them.. so that might
>>> help a little.
>>> 
>>> Cheers,
>>> 
>>> Steve
>>> Twitter: @sanesecurity
>>> On 28 April 2018 04:23:51 Alex <mysqlstudent at gmail.com> wrote:
>>> 
>>> Hi,
>>> 
>>> I can't imagine outright blocking https://goo.gl is not a mistake.
>>> 
>>> MBL_6882958 and MBL_6888621 both hit on https://goo.gl.
>>> 
>> 
>> its affecting my incoming traffic, mail traffic is down about 80% since
>> yesterday sometime. And its not being blocked here according to my
>> clamav logs. Nor apparently at shentel.net either, my isp.
>> 
>> --
>> Cheers, Gene Heskett
>> --
>> "There are four boxes to be used in defense of liberty:
>> soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> Genes Web page <http://geneslinuxbox.net:6309/gene>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list