Re: [clamav-users] Malwarepatrol false positives

2018-04-29 Thread Micah Snyder (micasnyd)
My mistake, Steve. I saw them listed at the bottom of your signatures page (https://sanesecurity.com/usage/signatures/) and neglected to read the "and distributed by" portion.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

On Apr 29, 2018, at 11:34 AM, Steve Basford

Re: [clamav-users] Malwarepatrol false positives

2018-04-29 Thread Steve Basford
On Sun, April 29, 2018 3:29 am, Micah Snyder (micasnyd) wrote:
> What I think Joel is saying is that your MBL signatures are coming
> through SaneSecurity, not from Cisco/Talos official ClamAV rule set.
>
>

Hi Micah,

MBL signatures are produced and distributed by MalwarePatrol, nothing to do

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Benny Pedersen
Alex wrote on 2018-04-29 03:24:

>> That shouldn’t be part of the official ruleset.
>
> Really?

bit.ly have abuse handling, so it's hard to report if it's rejected

> No one uses bit.ly for legitimate purposes?

is this a question ?

> I don't mean for that to sound sarcastic - I really don't know.

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Vincent Fox
M To: ClamAV users ML
Subject: [clamav-users] Malwarepatrol false positives

Hi,

I can't imagine outright blocking https://goo.gl is not a mistake.

$ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs
VIRUS NAME: MBL_6888621
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://goo.gl

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Micah Snyder (micasnyd)
What I think Joel is saying is that your MBL signatures are coming through SaneSecurity, not from Cisco/Talos official ClamAV rule set.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

On Apr 28, 2018, at 9:24 PM, Alex wrote:

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Alex
Hi,

> That shouldn’t be part of the official ruleset.

Really? No one uses bit.ly for legitimate purposes? I don't mean for that to sound sarcastic - I really don't know. Everyone's heard of / uses bit.ly I thought...

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Joel Esler (jesler)
That shouldn’t be part of the official ruleset.

Sent from my iPhone

> On Apr 28, 2018, at 17:32, Alex wrote:
>
> Hi,
>
> So I decided to check which MBL hits there were today, and it seems
> they're now blocking https://bit.ly
>
> $ sigtool --find-sigs MBL_6913896

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Alex
Hi,

So I decided to check which MBL hits there were today, and it seems they're now blocking https://bit.ly

$ sigtool --find-sigs MBL_6913896 | sigtool --decode-sigs
VIRUS NAME: MBL_6913896
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://bit.ly

I'm beginning to think I've made a

Re: [clamav-users] Malwarepatrol false positives

2018-04-28 Thread Gene Heskett
On Saturday 28 April 2018 01:06:38 Steve Basford wrote:
> Hi Alex...
>
> I've whitelisted the two sigs... until they fix them.. so that might
> help a little.
>
> Cheers,
>
> Steve
> Twitter: @sanesecurity
> On 28 April 2018 04:23:51 Alex wrote:
>
> Hi,
>
> I can't

Re: [clamav-users] Malwarepatrol false positives

2018-04-27 Thread Steve Basford
Hi Alex...

I've whitelisted the two sigs... until they fix them.. so that might help a little.

Cheers,

Steve
Twitter: @sanesecurity

On 28 April 2018 04:23:51 Alex wrote:

Hi,

I can't imagine outright blocking https://goo.gl is not a mistake.

MBL_6882958 and

[clamav-users] Malwarepatrol false positives

2018-04-27 Thread Alex
Hi,

I can't imagine outright blocking https://goo.gl is not a mistake.

$ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs
VIRUS NAME: MBL_6888621
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://goo.gl

MBL_6882958 and MBL_6888621 both hit on https://goo.gl. I've reported this