[clamav-users] Malwarepatrol false positives
Steve Basford
steveb_clamav at sanesecurity.com
Sun Apr 29 15:34:19 UTC 2018
On Sun, April 29, 2018 3:29 am, Micah Snyder (micasnyd) wrote:
> What I think Joel is saying is that your MBL signatures are coming
> through SaneSecurity, not from Cisco/Talos official ClamAV rule set.
>
>
Hi Micah,
MBL signatures are produced and distributed by MalwarePatrol, nothing to
do with Sanesecurity.
MalwarePatrol can be added as an option from the main download script here:
https://github.com/extremeshok/clamav-unofficial-sigs
MalwarePatrol FP's can be reported here: fp (_a_t_) malwarepatrol.net
On the Sanesecurity mirrors, sigwhitelist.ign2 has the following whitelist
entries:
MBL_6882958
MBL_6888621
MBL_6913896
So, that might help a little until they fix the issues.
--
Cheers,
Steve
Twitter: @sanesecurity
More information about the clamav-users
mailing list