MBL sigs are now fixed, just had contact with them
"We sincerely apologize for the trouble caused by these faulty
signatures. An update to our system was applied this morning and,
unfortunately, it had this unwanted side effect.
The update was reverted and signatures should be fixed now. W
>
> Finally I would like to know why these subscriptions were implemented? Who
> can answer this question?
I had a report the this sig causing an issue, sigs were removed and domain
whitelisted.
Problem was a big spam run from those domain, but root was incorrectly
flagged
Cheers,
Steve
Sanese
On Wed, 21 Aug 2013, Robert wrote:
> I've been hit by this also (started around 2:50pm today UK time).
> All the FP's are via the same MBL_349876.
>
> I've commented out the MBL lines in the /etc/clamav-unofficial-sigs.conf
> file and killed all MBL sigs for now.
I had 10 different sigs in mbl.n
> Hi Andre,
> NB: I'm copying this to the ClamAV users list, as a heads-up.
>
> The ClamAV EXT list currently contains a number (eleven) of false positive
> entries. They all match the string "://" (without the quotes), which
> clearly matches any email containing any URL.
>
> This is a very
I've been hit by this also (started around 2:50pm today UK time).
All the FP's are via the same MBL_349876.
I've commented out the MBL lines in the /etc/clamav-unofficial-sigs.conf
file and killed all MBL sigs for now.
Robert.
On 21 Aug 2013, at 17:51, Andrew Beverley wrote:
> I've also had d
I've also had dozens of emails blocked as false-positives in the last
hour. All are being matched as MBL_349876.
It's not the first time I've had false positives with the MBL unofficial
list. I tried to report the last incident, but there is no contact
information on the MBL website.
I've added:
Hi,
I had exactly the same problem with emails on my servers. I found two
subscriptions those has been blocking emails from major ISPs in my country.
Finally I decided to bypass these subscriptions
Example1
fgrep -h Sanesecurity.Jurlbl.2650 *.ndb | sigtool --decode-sigs
VIRUS NAME: Sanesecurity
Hi Andre,
NB: I'm copying this to the ClamAV users list, as a heads-up.
The ClamAV EXT list currently contains a number (eleven) of false positive
entries. They all match the string "://" (without the quotes), which clearly
matches any email containing any URL.
This is a very serious er