Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

Many false positives: MBL_312128 / MBL_303159

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


lcaron at unix-scripts

Aug 7, 2012, 11:38 AM

Post #1 of 5 (372 views)
Permalink
Many false positives: MBL_312128 / MBL_303159
Hi,

I'm currently experiencing lots of FP.

Those FP range from automatic apticron debian mails, mails with simple
clean PDF files, CSV files, ...

Do any of you experience the same ?

Thanks

Laurent
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


molney at sourcefire

Aug 7, 2012, 11:46 AM

Post #2 of 5 (365 views)
Permalink
Re: Many false positives: MBL_312128 / MBL_303159 [In reply to]
We've heard similar complaints on IRC. It looks like downloads may be
broken from MBL. You'll have to work with them to address the issue.

Matt

On Tue, Aug 7, 2012 at 2:38 PM, Laurent CARON <lcaron [at] unix-scripts>wrote:

> Hi,
>
> I'm currently experiencing lots of FP.
>
> Those FP range from automatic apticron debian mails, mails with simple
> clean PDF files, CSV files, ...
>
> Do any of you experience the same ?
>
> Thanks
>
> Laurent
> ______________________________**_________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/**ml <http://www.clamav.net/support/ml>
>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Bowie_Bailey at BUC

Aug 7, 2012, 12:00 PM

Post #3 of 5 (366 views)
Permalink
Re: Many false positives: MBL_312128 / MBL_303159 [In reply to]
On 8/7/2012 2:46 PM, Matt Olney wrote:
> We've heard similar complaints on IRC. It looks like downloads may be
> broken from MBL. You'll have to work with them to address the issue.

My last download was 3 hours ago. I don't see a problem from here.

Also, I do not see the problematic rules in the current MBL database.

--
Bowie
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


lconrad at Go2France

Aug 7, 2012, 1:18 PM

Post #4 of 5 (336 views)
Permalink
Re: Many false positives: MBL_312128 / MBL_303159 [In reply to]
---------- Original Message ----------------------------------
From: Laurent CARON <lcaron [at] unix-scripts>
Reply-To: ClamAV users ML <clamav-users [at] lists>
Date: Tue, 07 Aug 2012 20:38:40 +0200

>Hi,
>
>I'm currently experiencing lots of FP.
>
>Those FP range from automatic apticron debian mails, mails with simple
>clean PDF files, CSV files, ...
>
>Do any of you experience the same ?
>
>Thanks
>
>Laurent

running clam here with postfix and clamsmtpd on a relay-only mx gateway.

Starting with our 8AM signature update, we accumulated 16K msgs in /var/virus quarantine in 4 hours (vs an avg of 1000/day)

16354 status=VIRUS:MBL_303159.UNOFFICIAL

MBL = signature from Malware Block List see: http://www.malware.com.br/cgi/search.pl for "303159"


I cannot find how to release this msgs from quarantine

urgent replies welcome! :)

Len

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


lcaron at unix-scripts

Aug 8, 2012, 12:57 AM

Post #5 of 5 (315 views)
Permalink
Re: Many false positives: MBL_312128 / MBL_303159 [In reply to]
On Tue, Aug 07, 2012 at 03:00:15PM -0400, Bowie Bailey wrote:
> On 8/7/2012 2:46 PM, Matt Olney wrote:
> >We've heard similar complaints on IRC. It looks like downloads may be
> >broken from MBL. You'll have to work with them to address the issue.
>
> My last download was 3 hours ago. I don't see a problem from here.
>
> Also, I do not see the problematic rules in the current MBL database.

After last update of this morning the problem is solved.


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.