on 3/10/2011 5:01 AM Henrique de Moraes Holschuh spake the following: > On 05-03-2011 07:19, Peter wrote: >> Thanks Steve, and the others on this list that raised the issue. I >> managed to nuke the MBL database here before any customers complained >> :) > > Here we have a very large quarantine directory just for these things. We > almost never bounce, and only do rejects based on RBLs/RHSBLs. If it > got as far as clamav, it will either be marked and forwarded, or > discarded. In either case, we store a copy for a while. > > It was a trivial matter to locate all mail that was missplaced by > the broken version of MBL_144360, and reinject them. I've actually seem some > of the phish it wanted to catch among the false positives. > >> One thing I'd recommend to others though is to check your logs to see >> how many emails get caught by MBL (other than MBL_144360) - in my >> case there were none in the last month and I've therefore completely >> removed them. Others may find that they're useful. > > Here in Brazil, MBL is quite helpful as it seems to be the only list of > signatures with fast response to the massively mutating ecosystem of > phish and trojans targeting brazilians specifically. > > Too bad their quality control is clearly not up to the job. > to be fair to them, this seems to be the first error like this that I can remember from them...