[sanesecurity] Re: MBL_144360 update
- From: Scott Silva <ssilva@xxxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Thu, 10 Mar 2011 13:53:06 -0800
on 3/10/2011 5:01 AM Henrique de Moraes Holschuh spake the following:
> On 05-03-2011 07:19, Peter wrote:
>> Thanks Steve, and the others on this list that raised the issue. I
>> managed to nuke the MBL database here before any customers complained
>> :)
>
> Here we have a very large quarantine directory just for these things. We
> almost never bounce, and only do rejects based on RBLs/RHSBLs. If it
> got as far as clamav, it will either be marked and forwarded, or
> discarded. In either case, we store a copy for a while.
>
> It was a trivial matter to locate all mail that was missplaced by
> the broken version of MBL_144360, and reinject them. I've actually seem some
> of the phish it wanted to catch among the false positives.
>
>> One thing I'd recommend to others though is to check your logs to see
>> how many emails get caught by MBL (other than MBL_144360) - in my
>> case there were none in the last month and I've therefore completely
>> removed them. Others may find that they're useful.
>
> Here in Brazil, MBL is quite helpful as it seems to be the only list of
> signatures with fast response to the massively mutating ecosystem of
> phish and trojans targeting brazilians specifically.
>
> Too bad their quality control is clearly not up to the job.
>
to be fair to them, this seems to be the first error like this that I can
remember from them...
Other related posts:
