[sanesecurity] Re: Sanesecurity.Junk.11781.UNOFFICIAL
- From: micah anderson <micah@xxxxxxxxxx>
- To: Steve Basford <steveb_clamav@xxxxxxxxxxxxxxxx>, sanesecurity@xxxxxxxxxxxxx
- Date: Sat, 27 Feb 2010 16:29:25 -0500
On Sat, 27 Feb 2010 11:23:53 +0000, Steve Basford
<steveb_clamav@xxxxxxxxxxxxxxxx> wrote:
>
>
> micah anderson wrote:
> > Ok, so the *real* false positive I wanted to report earlier was
> > confusing, because the entire issue is confusing. So have a look at this
> > URL:
> >
> > http://micah.riseup.net/pastes/2010-02-26T112912
> Fixed (in the next update in about 30 mins)
Confirmed.
> > 3. More strange is that Sanesecurity.Junk.10689 has the same domain
> > string in it, although without the odd binary characters at the
> > front. Are these supposed to be duplicates? If so, the issue in #2 needs
> > to be fixed in this signature as well.
> >
> The Junk signature has now been fixed as well.
Confirmed.
> 4. Even more strange, another email with the same string in it, was
> blocked on the 24th, but the rule that was returned as used to block the
> email was totally different, it was Sanesecurity.Junk.10690:
> http://micah.riseup.net/pastes/2010-02-26T190808.fXDy0GYauH
Confirmed.
> If you grab the updates again, say in a couple of hours, try a re-scan
> on your samples and see if the problem has now been fixed.
Looks all good!
> Sorry again for the confusion,
No problem, thanks for the quick reply!
micah
Other related posts:
