[clamav-users] Malwarepatrol false positive
Steve Basford
steveb_clamav at sanesecurity.com
Mon Aug 27 18:41:27 UTC 2018
Just whitelisted for those using download scripts.. using the ign2 file on
the Sanesecurity mirrors.
Cheers,
Steve
Twitter: @sanesecurity
On 27 August 2018 19:16:49 Mark G Thomas <Mark at Misty.com> wrote:
> Hi,
>
> This seems to be an ongoing trend.
>
> I can't believe someone thought this would be a good idea!
>
> # sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
> VIRUS NAME: MBL_13087222
> DECODED SIGNATURE:
> https://docs.google.com
>
>
> On Tue, Aug 21, 2018 at 04:31:28AM -0700, Al Varnell wrote:
>> OK, I don't think there is anything that ClamAV can do about it since
>> it's an UNOFFICIAL.
>> Maybe Steve Basford from SaneSecurity can put some pressure on them. He
>> usually reads what's posted here.
>> -Al-
>> On Tue, Aug 21, 2018 at 04:27 AM, Dave McMurtrie wrote:
>>
>> They did this in April, 2017 also. When I reported it as a false
>> positive at that time, they responded with:
>> "Thank you for contacting us. There is a file hosted there with a vague
>> AV classification. After further reviewing it, we've decided to remove
>> the URL from our block lists and data feeds."
>> I'm beginning to get the feeling they don't have any type of review
>> process in place.
>> On Mon, 20 Aug 2018, Al Varnell wrote:
>>
>> Submit to fp (at) malwarepatrol.net.
>> -Al-
>> On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote:
>>
>> Hi, fyi
>> # sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
>> VIRUS NAME: MBL_12952716
>> TARGET TYPE: ANY FILE
>> OFFSET: *
>> DECODED SIGNATURE:
>> https://drive.google.com
>
>
>
>
> --
> Mark G. Thomas (Mark at Misty.com), KC3DRE
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
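
Added example, not written by anyone in this thread: a Python sketch that reads `sigtool --decode-sigs` output, flags signatures whose decoded body is nothing more than a scheme and hostname (the pattern reported above), and returns the names to list one per line in a local `.ign2` file. The function names and the third sample record (MBL_00000001, example.test) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the first two records mirror the sigtool output quoted in
# the thread; the third (MBL_00000001 / example.test) is made up for contrast.
SAMPLE = """\
VIRUS NAME: MBL_13087222
DECODED SIGNATURE:
https://docs.google.com
VIRUS NAME: MBL_12952716
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://drive.google.com
VIRUS NAME: MBL_00000001
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
http://example.test/files/payload.exe
"""

def parse_decoded(text):
    """Yield (name, decoded_body) pairs from `sigtool --decode-sigs` output."""
    name, body, in_body = None, [], False
    for line in text.splitlines():
        m = re.match(r"VIRUS NAME:\s*(\S+)", line)
        if m:
            if name:
                yield name, "".join(body).strip()
            name, body, in_body = m.group(1), [], False
        elif line.startswith("DECODED SIGNATURE:"):
            in_body = True
        elif in_body:
            body.append(line)
    if name:
        yield name, "".join(body).strip()

def host_only(decoded):
    """True if the body is just scheme://host with no path or query."""
    u = urlsplit(decoded)
    return bool(u.scheme in ("http", "https") and u.netloc
                and u.path in ("", "/") and not u.query)

def ign2_lines(text):
    """Signature names to place, one per line, in a local .ign2 file."""
    return [n for n, d in parse_decoded(text) if host_only(d)]

if __name__ == "__main__":
    print("\n".join(ign2_lines(SAMPLE)))
```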