On 03-03-2011 21:47, Scott Silva wrote:
MBL_144360.UNOFFICIAL gives me false positives
Also here, HOWEVER:The signature identified as such from a fresh download from www.malwarepatrol.com.br decodes to
u p d a t e . m u l t i v a c c i n e . c o . k r / s e t u p aminus the spaces. This string is NOT anywhere in the emails that got quarantined here because of the signature.
clamav 0.96.5.I don't have the problematic mbl.ndb anymore, can anyone that still has it decode the sig and check? It might have been updated in the meantime.
Sig I got here: MBL_144360:0:*:7570646174652e6d756c746976616363696e652e636f2e6b722f736574757061 If the signature is indeed the one above, bad things might be afoot. -- Henrique de Moraes Holschuh <hmh@xxxxxxxxxxxxx> IM@ - Informática de Municípios Associados Engenharia de Telecomunicações TEL +55-19-3755-6555/CEL +55-19-9293-9464 Antes de imprimir, lembre-se de seu compromisso com o Meio Ambiente e do custo que você pode evitar.