On 2/22/2012 1:00 PM, John Madden wrote: > Oh, and I now realize that this is outside of freshclam's control, being > a sanesecurity signature. I removed the mbl.db and disabled that > cronjob until we sort this out... > > > > On 02/22/2012 12:51 PM, John Madden wrote: >> I wasn't able to receive my own post... >> >> freshclam didn't initially pull that signature back in (I removed it >> manually from mbl.db) so I thought we were in the clear. It eventually >> came back and everything came tumbling down again. >> >> Steve, replying to your post: >> >> grep MBL_207346 | sigtool --decode-sigs >> >> That seems illogical. I did this instead: >> >> sigtool --find-sigs MBL_207346 | sigtool --decode-sigs >> VIRUS NAME: MBL_207346 >> DECODED SIGNATURE: >> www. >> >> If "www." is truly the signature, well, I think we've found the problem.
I checked it on my system and it looks normal. $ sigtool --find-sigs MBL_207346 | sigtool --decode-sigs VIRUS NAME: MBL_207346 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: www.thinkertec.com/trial -- Bowie _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml