My mistake, Steve. I saw them listed at the bottom of your signatures page
(https://sanesecurity.com/usage/signatures/) and neglected to read the "and
distributed by" portion.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Apr 29, 2018, at 11:34 AM, Steve Basford
On Sun, April 29, 2018 3:29 am, Micah Snyder (micasnyd) wrote:
> What I think Joel is saying is that your MBL signatures are coming
> through SaneSecurity, not from Cisco/Talos official ClamAV rule set.
>
>
Hi Micah,
MBL signatures are produced and distributed by MalwarePatrol, nothing to
do
Alex skrev den 2018-04-29 03:24:
That shouldn’t be part of the official ruleset.
Really?
bit.ly have abuse handling, so its hard to report if its rejected
No one uses bit.ly for a legitimate purposes?
is this a question ?
I don't mean for that to sound sarcastic - I really don't know.
M
To: ClamAV users ML
Subject: [clamav-users] Malwarepatrol false positives
Hi,
I can't imagine outright blocking https://goo.gl is not a mistake.
$ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs
VIRUS NAME: MBL_6888621
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://goo.gl
What I think Joel is saying is that your MBL signatures are coming through
SaneSecurity, not from Cisco/Talos official ClamAV rule set.
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Apr 28, 2018, at 9:24 PM, Alex
> wrote:
Hi,
> That shouldn’t be part of the official ruleset.
Really? No one uses bit.ly for a legitimate purposes?
I don't mean for that to sound sarcastic - I really don't know.
Everyone's heard of / uses bit.ly I thought...
___
clamav-users mailing list
That shouldn’t be part of the official ruleset.
Sent from my iPhone
> On Apr 28, 2018, at 17:32, Alex wrote:
>
> Hi,
>
> So I decided to check which MBL hits there were today, and it seems
> they're now blocking https://bit.ly
>
> $ sigtool --find-sigs MBL_6913896
Hi,
So I decided to check which MBL hits there were today, and it seems
they're now blocking https://bit.ly
$ sigtool --find-sigs MBL_6913896 |sigtool --decode-sigs
VIRUS NAME: MBL_6913896
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://bit.ly
I'm beginning to think I've made a
On Saturday 28 April 2018 01:06:38 Steve Basford wrote:
> Hi Alex...
>
> I've whitelisted the two sigs... until they fix them.. so that might
> help a little.
>
> Cheers,
>
> Steve
> Twitter: @sanesecurity
> On 28 April 2018 04:23:51 Alex wrote:
>
> Hi,
>
> I can't
Hi Alex...
I've whitelisted the two sigs... until they fix them.. so that might help a
little.
Cheers,
Steve
Twitter: @sanesecurity
On 28 April 2018 04:23:51 Alex wrote:
Hi,
I can't imagine outright blocking https://goo.gl is not a mistake.
MBL_6882958 and
Hi,
I can't imagine outright blocking https://goo.gl is not a mistake.
$ sigtool --find-sigs MBL_6888621 | sigtool --decode-sigs
VIRUS NAME: MBL_6888621
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://goo.gl
MBL_6882958 and MBL_6888621 both hit on https://goo.gl.
I've reported this
11 matches
Mail list logo