Hi,
I had exactly the same problem with emails on my servers. I found two
subscriptions those has been blocking emails from major ISPs in my country.
Finally I decided to bypass these subscriptions
Example1
fgrep -h Sanesecurity.Jurlbl.2650 *.ndb | sigtool --decode-sigs
VIRUS NAME:
I've also had dozens of emails blocked as false-positives in the last
hour. All are being matched as MBL_349876.
It's not the first time I've had false positives with the MBL unofficial
list. I tried to report the last incident, but there is no contact
information on the MBL website.
I've added:
I've been hit by this also (started around 2:50pm today UK time).
All the FP's are via the same MBL_349876.
I've commented out the MBL lines in the /etc/clamav-unofficial-sigs.conf
file and killed all MBL sigs for now.
Robert.
On 21 Aug 2013, at 17:51, Andrew Beverley a...@andybev.com wrote:
Hi Andre,
NB: I'm copying this to the ClamAV users list, as a heads-up.
The ClamAV EXT list currently contains a number (eleven) of false positive
entries. They all match the string :// (without the quotes), which
clearly matches any email containing any URL.
This is a very serious
On Wed, 21 Aug 2013, Robert wrote:
I've been hit by this also (started around 2:50pm today UK time).
All the FP's are via the same MBL_349876.
I've commented out the MBL lines in the /etc/clamav-unofficial-sigs.conf
file and killed all MBL sigs for now.
I had 10 different sigs in mbl.ndb
Finally I would like to know why these subscriptions were implemented? Who
can answer this question?
I had a report the this sig causing an issue, sigs were removed and domain
whitelisted.
Problem was a big spam run from those domain, but root was incorrectly
flagged
Cheers,
Steve
MBL sigs are now fixed, just had contact with them
We sincerely apologize for the trouble caused by these faulty
signatures. An update to our system was applied this morning and,
unfortunately, it had this unwanted side effect.
The update was reverted and signatures should be fixed now.
