Hi, Some time ago I posted a message requesting help tracking down a false positive, and trying to learn why it triggered. I have another one. This is the information from the logs for that message:
Mar 4 00:02:05 smtp01 amavis[16992]: (16992-212) Virus MBL_144360.UNOFFICIAL matches pattern (?-xism:.*), sender addr ignored [1104B13D4014] Mar 4 00:02:05 smtp01 amavis[16992]: (16992-212) Virus MBL_144360.UNOFFICIAL matches pattern (?-xism:.*), sender addr ignored [1104B13D4014] I ran the following: $ sigtool --find-sigs MBL_144360 | sigtool --decode-sigs VIRUS NAME: MBL_144360 TARGET TYPE: ANY FILE OFFSET: * DECODED SIGNATURE: update.multivaccine.co.kr/setupa Is that the correct way? I looked at the email itself, and not only is it from a trusted sender, but it doesn't contain that URL in the message. Am I missing something? Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
