[sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd

• From: Bill Landry <bill@xxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Fri, 26 Jun 2009 08:22:48 -0700

Steve Basford wrote:
> 
> 
> Wolfgang Zeikat wrote:
>> Hi,
>>
>> a legitimate and wanted mail was hit here by
>> Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd
>>
> Fixed.
> 
> It also matches INetMsg.SpamDomain-2w.l-finance_com (Bill is looking at
> that at the moment)

As Steve pointed out to me off-list, even though this domain is is
listed on several URIBLs, when used in a ClamAV signature, it is also
matching on legitimate sites due to the fact that ClamAV does not
support delimiters or word boundaries within their signatures.

For this reason, I have also removed this domain from my signature files.

Bill

• References:
  • [sanesecurity] False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd
    • From: Wolfgang Zeikat
  • [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd
    • From: Steve Basford

Other related posts:

• » [sanesecurity] False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd- Wolfgang Zeikat
• » [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd- Wolfgang Zeikat
• » [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd- Tom Shaw
• » [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd- Steve Basford
• » [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd - Bill Landry
• » [sanesecurity] Re: False positive Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd- Tom Shaw

1. Home
2. sanesecurity
3. Archive
4. 06-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---