[clamav-users] Malwarepatrol false positive

Mark G Thomas Mark at Misty.com
Mon Aug 27 20:44:45 UTC 2018


Hi,

But, there are more. This is nuts.

    # sigtool --find-sigs MBL_13112740 | sigtool --decode-sigs
    VIRUS NAME: MBL_13112740
    DECODED SIGNATURE:
    https://linkprotect.cudasvc.com/url

Mark

On Mon, Aug 27, 2018 at 07:41:27PM +0100, Steve Basford wrote:
> Just whitelisted for those using download scripts.. using the ign2
> file on the Sanesecurity mirrors.
> 
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> On 27 August 2018 19:16:49 Mark G Thomas <Mark at Misty.com> wrote:
> 
> >Hi,
> >
> >This seems to be an ongoing trend.
> >
> >I can't believe someone thought this would be a good idea!
> >
> >   # sigtool --find-sigs MBL_13087222 | sigtool --decode-sigs
> >   VIRUS NAME: MBL_13087222
> >   DECODED SIGNATURE:
> >   https://docs.google.com
> >
> >
> >On Tue, Aug 21, 2018 at 04:31:28AM -0700, Al Varnell wrote:
> >>OK, I don't think there is anything that ClamAV can do about it since
> >>it's an UNOFFICIAL.
> >>Maybe Steve Basford from SaneSecurity can put some pressure on them. He
> >>usually reads what's posted here.
> >>-Al-
> >>On Tue, Aug 21, 2018 at 04:27 AM, Dave McMurtrie wrote:
> >>
> >>They did this in April, 2017 also.  When I reported it as a false
> >>positive at that time, they responded with:
> >>"Thank you for contacting us.  There is a file hosted there with a
> >>vague AV classification.  After further reviewing it, we've decided
> >>to remove the URL from our block lists and data feeds."
> >>I'm beginning to get the feeling they don't have any type of review
> >>process in place.
> >>On Mon, 20 Aug 2018, Al Varnell wrote:
> >>
> >>Submit to fp (at) malwarepatrol.net.
> >>-Al-
> >>On Mon, Aug 20, 2018 at 08:34 PM, Alex wrote:
> >>
> >>Hi, fyi
> >># sigtool --find-sigs MBL_12952716 | sigtool --decode-sigs
> >>VIRUS NAME: MBL_12952716
> >>TARGET TYPE: ANY FILE
> >>OFFSET: *
> >>DECODED SIGNATURE:
> >>https://drive.google.com
> >
> >
> >
> >
> >--
> >Mark G. Thomas (Mark at Misty.com), KC3DRE
> >_______________________________________________
> >clamav-users mailing list
> >clamav-users at lists.clamav.net
> >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> >Help us build a comprehensive ClamAV guide:
> >https://github.com/vrtadmin/clamav-faq
> >
> >http://www.clamav.net/contact.html#ml
> 
> 
> 

-- 
Mark G. Thomas (Mark at Misty.com), KC3DRE
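
The manual `sigtool --find-sigs ... | sigtool --decode-sigs` checks in this thread can be run over a whole database at once. The following is an added example, not part of any poster's message and not ClamAV, MalwarePatrol or Sanesecurity code. It assumes the signatures are in ClamAV's extended `Name:TargetType:Offset:HexSignature` layout; the sample lines are constructed by hex-encoding the decoded strings quoted above, and the "short URL prefix" test (`max_segments`) is a heuristic chosen here. It lists signature names one per line, the form a local `.ign2` ignore file takes.

```python
import re
from urllib.parse import urlsplit

def _hex(s):
    return s.encode("ascii").hex()

# Constructed sample, not lines from the real database. The first three bodies
# encode the decoded strings quoted in the thread; the last two are invented
# (hypothetical names) to show a specific URL and a wildcard body.
SAMPLE_NDB = "\n".join([
    "MBL_12952716:0:*:" + _hex("https://drive.google.com"),
    "MBL_13087222:0:*:" + _hex("https://docs.google.com"),
    "MBL_13112740:0:*:" + _hex("https://linkprotect.cudasvc.com/url"),
    "EXAMPLE_DEEP_PATH:0:*:" + _hex("http://files.example.test/a/b/payload.exe"),
    "EXAMPLE_WILDCARD:0:*:68747470??2f2f*6578",
])

PLAIN_HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")

def decode_plain(hexsig):
    """Return the ASCII text of a wildcard-free hex body, else None."""
    if not PLAIN_HEX.match(hexsig):
        return None  # contains ??, *, {n}, alternates: not a plain string
    try:
        return bytes.fromhex(hexsig).decode("ascii")
    except UnicodeDecodeError:
        return None

def broad_url_sigs(ndb_text, max_segments=1):
    """Return (name, url) for signatures whose entire body is a short URL prefix."""
    hits = []
    for line in ndb_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        name, text = parts[0], decode_plain(parts[3])
        if not text or not re.match(r"^https?://", text):
            continue
        url = urlsplit(text)
        segments = [s for s in url.path.split("/") if s]
        # Heuristic: host plus at most max_segments path parts and no query
        # matches every file that merely mentions the service.
        if url.hostname and not url.query and len(segments) <= max_segments:
            hits.append((name, text))
    return hits

def ign2_lines(hits):
    """Signature names, one per line, for a local ignore list."""
    return [name for name, _ in hits]
```

Review the flagged names before ignoring them; `max_segments=0` restricts the report to bare scheme-and-host signatures.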


