Hi, >> The MBL_144360 is still present in the mbl database, but now it >> doesn't match. > > That signature has a big google footprint. I found it here, for example: > > http://permalink.gmane.org/gmane.comp.security.virus.clamav.sanesecurity/3094 > > It would seem there is a QA problem and that perhaps the creator is > modifying existing signatures rather than replacing them. This is bad > practice in my opinion. Signature identifiers should be unique. If a > signature is modified it should get a new identifier. > > I quit using those sigs quite some time ago.
Interesting, thanks so much. I've noticed it catches quite a bit here. I assumed they were safe. Is the general consensus that they are more aggressive or experimental than should be acceptable on a production box? Thanks again, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
