[sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208

• From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Mon, 6 Jun 2011 14:22:11 +0100

> The winnow.malware.ts.miscspam.672208 signature decodes to the domain of
> a common "click tracking" service used by a very large number of
> businesses to send bulk commercial email[1].
>
>

Hi,

Thanks for the report.

I've whitelisted using .ign2 on the mirrors, the following signatures:

winnow.malware.ts.miscspam.672208
INetMsg.SpamDomain-2m.virtualtarget_com_br

Bill/Tom will no doubt look into it later.

Cheers,

Steve
Sanesecurity

• Follow-Ups:
  • [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208
    • From: Bill Landry

• References:
  • [sanesecurity] False positives with winnow.malware.ts.miscspam.672208
    • From: Henrique de Moraes Holschuh

Other related posts:

• » [sanesecurity] False positives with winnow.malware.ts.miscspam.672208- Henrique de Moraes Holschuh
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208 - Steve Basford
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- TR Shaw
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Bill Landry
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Steve Basford
• » [sanesecurity] Re: False positives with winnow.malware.ts.miscspam.672208- Bill Landry

1. Home
2. sanesecurity
3. Archive
4. 06-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---