On 05-03-2011 07:19, Peter wrote:
Thanks Steve, and the others on this list that raised the issue. I managed to nuke the MBL database here before any customers complained :)
Here we have a very large quarantine directory just for these things. We almost never bounce, and only do rejects based on RBLs/RHSBLs. If it got as far as clamav, it will either be marked and forwarded, or discarded. In either case, we store a copy for a while. It was a trivial matter to locate all mail that was missplaced bythe broken version of MBL_144360, and reinject them. I've actually seem some of the phish it wanted to catch among the false positives.
One thing I'd recommend to others though is to check your logs to see how many emails get caught by MBL (other than MBL_144360) - in my case there were none in the last month and I've therefore completely removed them. Others may find that they're useful.
Here in Brazil, MBL is quite helpful as it seems to be the only list of signatures with fast response to the massively mutating ecosystem of phish and trojans targeting brazilians specifically. Too bad their quality control is clearly not up to the job. -- Henrique de Moraes Holschuh <hmh@xxxxxxxxxxxxx> IM@ - Informática de Municípios Associados Engenharia de Telecomunicações TEL +55-19-3755-6555/CEL +55-19-9293-9464 Antes de imprimir, lembre-se de seu compromisso com o Meio Ambiente e do custo que você pode evitar.