[clamav-users] false positive on MBL_82485625.UNOFFICIAL for Google Drive links sent as attachments
G.W. Haywood
clamav at jubileegroup.co.uk
Wed Mar 24 15:39:18 UTC 2021
Hi there,
On Wed, 24 Mar 2021, Robert Kudyba wrote:
> Using clamav-milter 0.103.1 with sendmail on Fedora 33, we had several
> emails quarantined with the MBL_82485625.UNOFFICIAL. All they contained was
> a link forwarded as an attachment of a Google Drive folder. I reported this
> to the false positive at SaneSecurity address. ...
It's a Malware Patrol signature, so you should report it to them, not Sanesecurity:
https://sanesecurity.com/support/false-positives/
https://www.malwarepatrol.net/
> Is there a way to verify that the signature itself was fixed?
I don't know what update documentation Malware Patrol does now; I
stopped using them in 2013.
To see what the signature contains you can use 'sigtool'; alternatively,
grep the database file(s) for the string 'MBL_82485625'. I tend to use
the grep '-a' option when I grep things like signature files.
--
73,
Ged.
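
Added example, not part of the original message or of ClamAV: a shell sketch of the grep approach described above, extended to compare a saved copy of the database directory with the current one to see whether a named signature was removed or changed. The function names, the "before"/"after" directories and the ndb-style sample records are constructed for illustration; the real signature body is not shown in this thread.

```shell
#!/bin/sh
# Added example: inspect a named third-party signature on disk and check
# whether it changed between two copies of the database directory.

# find_sig NAME DBDIR: print file:line:record for each record named NAME.
find_sig() {
    name=${1%.UNOFFICIAL}   # scan reports append .UNOFFICIAL; DB files do not
    # -a: treat as text, -F: literal string, -w: whole word only,
    # so MBL_82485625 does not also match MBL_824856250
    find "$2" -type f -exec grep -aHnwF -- "$name" {} + 2>/dev/null
}

# sig_records NAME DBDIR: print only the raw records, sorted, for comparison.
sig_records() {
    name=${1%.UNOFFICIAL}
    find "$2" -type f -exec grep -ahwF -- "$name" {} + 2>/dev/null | sort
}

# sig_status NAME OLD_DBDIR NEW_DBDIR
# prints one of: absent | removed | added | unchanged | modified
sig_status() {
    old=$(sig_records "$1" "$2")
    new=$(sig_records "$1" "$3")
    if [ -z "$old" ] && [ -z "$new" ]; then echo absent
    elif [ -z "$new" ]; then echo removed
    elif [ -z "$old" ]; then echo added
    elif [ "$old" = "$new" ]; then echo unchanged
    else echo modified
    fi
}

# Constructed sample data: ndb-style layout assumed (name:target:offset:hex).
# The hex bodies are placeholders, not real Malware Patrol signatures.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/before" "$d/after"
    printf '%s\n' \
        'MBL_82485625:0:*:68747470733a2f2f6578616d706c652e696e76616c69642f' \
        'MBL_824856250:0:*:6578616d706c652e696e76616c6964' > "$d/before/sample.ndb"
    printf '%s\n' \
        'MBL_824856250:0:*:6578616d706c652e696e76616c6964' > "$d/after/sample.ndb"
    echo "$d"
}

d=$(make_sample)
find_sig MBL_82485625.UNOFFICIAL "$d/before"
sig_status MBL_82485625.UNOFFICIAL "$d/before" "$d/after"
rm -rf "$d"
```

For real use, copy the database directory before the next signature update and pass that copy as OLD_DBDIR and the live directory as NEW_DBDIR.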