On 28 April 2021 15:25:32 Robert Kudyba <[email protected]> wrote:
> Since the signature name has .UNOFFICIAL and starts with MBL I believe
> that's Malware Block List. I've submitted a sample to fp (at)
> malwarepatrol.net. Is more than one sample needed? I'm posting here to let
> others know and as they don't appear to acknowledge or reply.

Hi...
This issue has cropped up lots of times, unfortunately (search the list archive).
This is on their blog:
https://www.malwarepatrol.net/block-lists-protect-against-ransomware-infections/
They really should have a main block list with Google Drive links in...
and a separate one for the whole Google Drive domain (for people that don't
mind the high FPs)
This hasn't been fixed as far as I can see since 2018-ish...
Obviously there are script tweaks to remove Google Drive sigs before moving
to the ClamAV database folder...
... Or just stop using them and save yourself the headache.
Their sig name changes each time too, otherwise I could add a sig to the
unofficial mirrors to stop it.
When you report the issue to them make sure you report the blocked domain
as drive dot Google dot com etc. as the normal text domain might get
blocked using their own signatures.
Sorry I can't help much more.
Cheers,
Steve
Twitter: @sanesecurity
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
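
The "script tweak" mentioned in the reply above, as an added example that is not part of the original message or of any project's code. It assumes the downloaded file uses ClamAV's `.ndb` layout (`Name:TargetType:Offset:HexSignature`) and that a blocked URL appears in the hex body as contiguous ASCII hex; the function names and sample signatures are constructed for illustration.

```shell
#!/bin/sh
# Added example: strip signatures for one domain from a third-party
# signature file before it is moved into the ClamAV database folder.
# Assumed format: Name:TargetType:Offset:HexSignature (.ndb style).

# Hex-encode a string as it would appear inside a hex signature body.
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# filter_sigs DOMAIN INFILE OUTFILE
# Copies INFILE to OUTFILE without any signature whose hex body contains
# DOMAIN, and prints how many signatures were dropped.
filter_sigs() {
    domain_hex=$(to_hex "$1")
    in=$2
    out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # Compare against the last field only, so the match is on the
    # signature body and never on its (changing) name. Hex digits in a
    # signature may be upper or lower case, hence tolower().
    awk -F: -v pat="$domain_hex" '
        index(tolower($NF), pat) == 0 { print }
    ' "$in" > "$tmp" || { rm -f "$tmp"; return 1; }
    removed=$(( $(grep -c '' "$in") - $(grep -c '' "$tmp") ))
    # Rename into place only after the filtered copy is complete.
    mv "$tmp" "$out"
    echo "$removed"
}

# Constructed sample input: two signatures for Google Drive URLs (one with
# upper-case hex) and one unrelated signature that must survive.
make_sample() {
    {
        printf 'MBL_1001:0:*:%s\n' "$(to_hex 'https://drive.google.com/uc?id=EXAMPLE1')"
        printf 'MBL_1002:0:*:%s\n' \
            "$(to_hex 'https://drive.google.com/file/d/EXAMPLE2' | tr 'a-f' 'A-F')"
        printf 'MBL_1003:0:*:%s\n' "$(to_hex 'http://malware.example.test/payload.bin')"
    } > "$1"
}
```

Run `filter_sigs drive.google.com downloaded.ndb filtered.ndb` on the freshly downloaded file and install only the filtered copy; the printed count shows how many signatures were dropped on that update.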