[clamav-users] Malwarepatrol false positive
Mark G Thomas
Mark at Misty.com
Mon Aug 27 18:16:08 UTC 2018
Hi,
This seems to be an ongoing trend.
I can't believe someone thought this would be a good idea!
# sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
VIRUS NAME: MBL_13087222
DECODED SIGNATURE:
https://docs.google.com
On Tue, Aug 21, 2018 at 04:31:28AM -0700, Al Varnell wrote:
> OK, I don't think there is anything that ClamAV can do about it since
> it's an UNOFFICIAL.
> Maybe Steve Basford from SaneSecurity can put some pressure on them. He
> usually reads what's posted here.
> -Al-
> On Tue, Aug 21, 2018 at 04:27 AM, Dave McMurtrie wrote:
>
> They did this in April, 2017 also. When I reported it as a false
> positive at that time, they responded with:
> "Thank you for contacting us. There is a file hosted there with a vague
> AV classification. After further reviewing it, we've decided to remove
> the URL from our block lists and data feeds."
> I'm beginning to get the feeling they don't have any type of review
> process in place.
> On Mon, 20 Aug 2018, Al Varnell wrote:
>
> Submit to fp (at) malwarepatrol.net.
> -Al-
> On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote:
>
> Hi, fyi
> # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
> VIRUS NAME: MBL_12952716
> TARGET TYPE: ANY FILE
> OFFSET: *
> DECODED SIGNATURE:
> https://drive.google.com
--
Mark G. Thomas (Mark at Misty.com), KC3DRE
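
An added example, not part of the original thread or of ClamAV: a small check that reads `sigtool --decode-sigs` output in the field layout quoted above and flags signatures whose entire decoded body is a scheme and hostname with no path, the pattern behind both false positives reported here. The names `parse_decoded`, `is_bare_host_url` and `overbroad` are hypothetical, and the `EXAMPLE_0001` entry is constructed for contrast.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two decoded signatures quoted in this thread plus
# one made-up entry (EXAMPLE_0001) that carries a full path.
SAMPLE = """\
VIRUS NAME: MBL_13087222
DECODED SIGNATURE:
https://docs.google.com
VIRUS NAME: MBL_12952716
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://drive.google.com
VIRUS NAME: EXAMPLE_0001
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://files.example.test/dl/a1b2c3/invoice.zip
"""

def parse_decoded(text):
    """Yield (name, decoded_body) pairs from decode-sigs style output."""
    name, body, in_body = None, [], False
    for line in text.splitlines():
        if line.startswith("VIRUS NAME:"):
            if name is not None:
                yield name, "\n".join(body).strip()
            name, body, in_body = line.split(":", 1)[1].strip(), [], False
        elif line.startswith("DECODED SIGNATURE:"):
            in_body = True
        elif in_body:
            body.append(line)
    if name is not None:
        yield name, "\n".join(body).strip()

def is_bare_host_url(body):
    """True when the whole body is scheme://host with no path, query or fragment."""
    if not re.fullmatch(r"https?://\S+", body):
        return False  # multi-line or non-URL bodies are out of scope here
    u = urlsplit(body)
    return bool(u.netloc) and u.path in ("", "/") and not u.query and not u.fragment

def overbroad(text):
    """Names of signatures that would match any content mentioning the host."""
    return [name for name, body in parse_decoded(text) if is_bare_host_url(body)]

if __name__ == "__main__":
    for sig in overbroad(SAMPLE):
        print("host-only signature:", sig)
```

Run over the decoded output of a third-party database before deploying it, a non-empty result is a list of signature names to review or whitelist.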