[sanesecurity_announce] False positives on MBL_144360.UNOFFICIAL

• From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Fri, 4 Mar 2011 09:12:27 -0000

> Hello
>
> This signature comes from malwarepatrol.com.br databases
> I think you should better report this false positives directly to
> malwarepatrol team :)
>
> But I didn't find any malwarepatrol 'fp' email to send fp to them, nor any
> 'malwarepatrol' mailing lists !?! (only a 'report' email and report form
> on
> they web site)
>
> Does any guys on the list know some 'entry point' to malwarepatrol for FP
> reports ?

Hi All,

Firstly, I'dd added an entry to sigwhitelist.ign2 and just pushed it out
to the mirrors, this should have the effect of whitelisting the signature,
even though it's not a Sanesecurity distributed/produced signature.

Secondly, I've only got this link for submission reports:

http://www.malware.com.br/index.shtml#contribuir

Thirdly, this bit could be future cause for concern for script users of
MBL blocklist:

"Note that current users are required to subscribe. The current URL schema
will be discontinued on Feb 1st 2010 when only subscribed users will be
able to cotninue downloading our block lists"

Cheers,

Steve
Sanesecurity

Other related posts:

• » [sanesecurity_announce] False positives on MBL_144360.UNOFFICIAL - Steve Basford

1. Home
2. sanesecurity_announce
3. Archive
4. 03-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---