On Sat, Mar 05, 2011 at 12:15:48AM +0100, Leen Besselink wrote: > > > What went wrong, well... I think they put out an update which had a > > problem... this is the signature concerned: > > > > MBL_144360:0:*:7570646174 > > > > Which decodes to "updat". > > In a nutshell... any email containing the word "updat" would be > > flagged as a virus (ie. updated, updates), that's why there were sooo > > many false positives. > > > > Maybe I'm mistaken, but I think this has been suggested before. Couldn't > we just block short signatures from Malware Patrol by default ? That > would prevent these false positives. Everywhere you mean... my own script simply drops all under 7 chars. It might not be foolproof but has worked till this date.