[sanesecurity] Re: Any one have an issue with MBL_142932.UNOFFICIAL - false positive

  • From: Gerard Seibert <gerard@xxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 17 Nov 2010 08:22:34 -0500

On Wed, 17 Nov 2010 08:40:31 +0100
Mayk Backus <mayk@xxxxxxxx> articulated:

> On Wed, Nov 17, 2010 at 1:08 AM, René Berber <r.berber@xxxxxxxxxxxx>
> wrote:
> 
> > On 11/16/2010 8:15 AM, dave wrote:
> >
> > > My update around 12hrs ago seems to have started triggering on
> > > MBL_142932.UNOFFICIAL at an alarming rate.
> > >
> > > I wonder if anyone else has noticed this?
> > >
> > > On the premise that there was a 'mistake' I've updated defs a few
> > > times already, but the issue remains.
> > >
> > > Anyone know if this is something worth reporting?
> >
> > That database didn't even load (using Gerard Seibert's script)
> >
> > Date: Mon, 15 Nov 2010 03:14:53 -0600 (CST)
> >       ********** WARNING **********
> >        Unable to install: mbl.ndb
> >        Clamscan exited with error code 2
> >
> > --
> > René Berber
> >
> >
> >
> >
> 
> anyone more news on this ? Updating didn't resolve it yesterday, will
> today bring us more luck ? Is there a workaround ? I'd love to hear
> this bc running trough about 50 installs takes some time :-)

I have been having an intermittent problem with the "mbl.ndb" file for
several days now. The closest I have gotten to nailing down the problem
is that there appears to be a supercilious <CRLF> occasionally tagged
onto the end of the file ocasionally. That may be totally incorrect;
however, I have not been able to discover the exact problem with the
minuscule resources and time available to me at the present. At 08:08
EST this morning the file did download, validate and load correctly. I
am going to try and contact the definition file provider and see if
they can track down the problem.

The good news with my script is that a faulty "mbl.ndb" file will not
be made available for clamav to use. The last good file will remain in
use unless you manually delete it which would be totally unnecessary.

Selfless self promotion: there is an updated version of my script now
available on SourceForge.

        https://sourceforge.net/projects/scamp/

It doesn't help this problem; however, it does address a few other
minor bugs.


-- 
Gerard Seibert ✌
gerard@xxxxxxxxxxxxx

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Si la vitesse de la lumière est 186,000 miles par seconde, quelle est la 
vitesse du noir?

Other related posts:

  1. Home
  2. sanesecurity
  3. Archive
  4. 11-2010