[sanesecurity] Re: MBL_144360 update

• From: Henrik K <hege@xxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Sat, 5 Mar 2011 07:31:41 +0200

On Sat, Mar 05, 2011 at 12:15:48AM +0100, Leen Besselink wrote:
> 
> > What went wrong, well... I think they put out an update which had a
> > problem... this is the signature concerned:
> >
> > MBL_144360:0:*:7570646174
> >
> > Which decodes to "updat". 
> > In a nutshell... any email containing the word "updat" would be
> > flagged as a virus (ie.  updated, updates), that's why there were sooo
> > many false positives.
> >
> 
> Maybe I'm mistaken, but I think this has been suggested before. Couldn't
> we just block short signatures from Malware Patrol by default ? That
> would prevent these false positives.

Everywhere you mean... my own script simply drops all under 7 chars.  It
might not be foolproof but has worked till this date.

• References:
  • [sanesecurity] MBL_144360 update
    • From: Steve Basford
  • [sanesecurity] Re: MBL_144360 update
    • From: Leen Besselink

Other related posts:

• » [sanesecurity] MBL_144360 update- Steve Basford
• » [sanesecurity] Re: MBL_144360 update- Leen Besselink
• » [sanesecurity] Re: MBL_144360 update - Henrik K
• » [sanesecurity] Re: MBL_144360 update- Peter
• » [sanesecurity] Re: MBL_144360 update- Henrique de Moraes Holschuh
• » [sanesecurity] Re: MBL_144360 update- Scott Silva
• » [sanesecurity] Re: MBL_144360 update- Steve Basford

1. Home
2. sanesecurity
3. Archive
4. 03-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---